Effective Practices for Cyber Incident Response and Recovery
The FSB has developed a toolkit of effective practices that aims to assist organisations in their cyber incident response and recovery activities. In this regard, organisations’ respond function executes the appropriate activities in reaction to a detected or reported cyber incident, while the recover function carries out the appropriate activities to restore any systems, capabilities or resume services or operations that were impaired due to a cyber incident.
The toolkit includes 49 practices for effective cyber incident response and recovery across seven components: (i) governance, (ii) planning and preparation, (iii) analysis, (iv) mitigation, (v) restoration and recovery, (vi) coordination and communication, and (vii) improvement. The final toolkit draws on the feedback from a public consultation process, including four virtual outreach meetings. The report was delivered to G20 Finance Ministers and Central Bank Governors for their October meeting.