CISM - Incident Management - Section 4.11
Execute incident eradication and recovery activities to restore systems and services to normal operation.
Execute eradication activities to remove the root cause of an incident - such as eliminating malware, closing exploited vulnerabilities, and revoking compromised credentials - before initiating system recovery and restoration to normal operation. Verify that eradication is complete and that restored systems are clean prior to returning them to production.
EradicationSystem recoveryRoot cause removalRestoration
More in this domain
Back to all Incident Management objectives, or the CISM cert hub.
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.