Which of the following practices will not aid incident handlers during recovery from OT-based security incidents?

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Allowing connections to the control systems from remote vendors can introduce significant vulnerabilities during the recovery phase from operational technology (OT) security incidents. This practice poses risks because it potentially opens up the system to unauthorized access, which can lead to further incidents or complications in the recovery process. By granting remote access, incident handlers may inadvertently give threat actors or malware an entry point into an already compromised environment, hampering their ability to effectively secure and restore systems.

In contrast, conducting thorough post-incident analysis, ensuring all patches are up to date, and restricting access based on the principle of least privilege are all essential practices that strengthen an organization’s security posture and facilitate effective recovery. These practices involve learning from past incidents, maintaining system integrity by mitigating vulnerabilities, and tightly controlling user permissions to prevent unauthorized actions that could hinder recovery efforts.
