Certified Incident Handler (CIH) Practice Ecam

Identify the CIS security control used to formulate a strategy for restoring compromised assets to their pre-incident states.

• A. Audit log management
• B. Data recovery
• C. Account management
• D. Incident response

The correct answer is: Data recovery

The correct choice is focused on the process of data recovery, which is integral to formulating a strategy for restoring compromised assets to their pre-incident states. Data recovery involves the restoration of data and system functionality following a security breach or incident. This control is specifically designed to ensure that affected systems and data can be restored quickly and effectively, mitigating downtime and reducing the impact on organizational operations. Data recovery typically includes creating and maintaining backups of essential data, planning for various types of data loss scenarios, and having methods in place to restore lost or corrupted information. By implementing robust data recovery strategies, organizations enhance their resilience against incidents, ensuring they can return to normal operations with minimal disruption. In contrast, audit log management focuses on maintaining and reviewing logs for security events, which is crucial for detecting incidents but does not specifically address restoration of compromised assets. Account management relates to the oversight and control of user accounts and privileges, while incident response encompasses the broader framework for addressing and managing security incidents but does not singularly focus on restoration processes.