mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 06:04:56 +03:00
mukul975
3.7 KiB
3.7 KiB
Ransomware Backup Strategy Assessment Template
Organization Information
| Field | Value |
|---|---|
| Organization Name | |
| Assessment Date | |
| Assessor Name | |
| Backup Solution | |
| Number of Servers | |
| Total Data Volume |
Current Backup Architecture
Backup Copies Inventory
| Copy # | Location | Media Type | Offsite? | Immutable? | Air-Gapped? | Retention | Encrypted? | Last Successful |
|---|---|---|---|---|---|---|---|---|
| 1 | ||||||||
| 2 | ||||||||
| 3 |
3-2-1-1-0 Compliance Checklist
- 3 Copies: At least 3 copies of data exist
- 2 Media Types: Backups stored on at least 2 different media types
- 1 Offsite: At least 1 copy stored offsite or in a different geographic location
- 1 Immutable/Air-Gapped: At least 1 copy is immutable or physically air-gapped
- 0 Errors: Automated restore testing passes with zero errors
Recovery Tier Classification
Tier 1 - Critical Systems
| System | RPO Target | RTO Target | Backup Frequency | Dependencies |
|---|---|---|---|---|
Tier 2 - Important Systems
| System | RPO Target | RTO Target | Backup Frequency | Dependencies |
|---|---|---|---|---|
Tier 3 - Standard Systems
| System | RPO Target | RTO Target | Backup Frequency | Dependencies |
|---|---|---|---|---|
Credential Isolation Assessment
| Control | Status | Evidence |
|---|---|---|
| Backup servers removed from production AD | Yes / No | |
| Dedicated backup admin accounts | Yes / No | |
| MFA enabled for backup console | Yes / No | |
| Backup network segmented | Yes / No | |
| RDP disabled on backup servers | Yes / No | |
| Backup encryption keys stored separately | Yes / No |
Restore Testing History
| Date | Tier | Systems Tested | Result | RTO Achieved | Issues |
|---|---|---|---|---|---|
Gap Analysis
| Control | Current State | Target State | Gap | Priority | Effort |
|---|---|---|---|---|---|
| Immutable backup | |||||
| Credential isolation | |||||
| Restore testing | |||||
| Offsite copy | |||||
| Encryption |
Recommendations
Critical Priority
- [Finding]: [Recommendation] - Estimated effort: [X days/weeks]
High Priority
- [Finding]: [Recommendation] - Estimated effort: [X days/weeks]
Medium Priority
- [Finding]: [Recommendation] - Estimated effort: [X days/weeks]
Recovery Runbook Checklist
Pre-Recovery
- Incident declared and scope determined
- Affected systems isolated from network
- Backup integrity verified (immutable copies confirmed clean)
- Backup timestamps verified to predate infection
- Recovery environment prepared (clean network, fresh OS images)
Recovery Execution
- Phase 1: Identity infrastructure (AD, DNS, DHCP)
- Phase 2: Tier 1 critical systems
- Phase 3: Tier 2 important systems
- Phase 4: Tier 3 standard systems
- Each restored system validated before connecting to network
Post-Recovery
- All restored systems scanned for persistence mechanisms
- Security controls validated (EDR, firewall rules, MFA)
- Users notified and credentials reset
- Recovery time documented against RTO targets
- Lessons learned documented
Sign-Off
| Role | Name | Signature | Date |
|---|---|---|---|
| IT Director | |||
| CISO | |||
| Backup Admin |