Recovery security improves the ability to recuperate and adapt from unusual or malicious incidents taking place in or around the computer network. Even with detection and prevention security in place it would be irresponsible to assume that there was no need for security solutions should there be an incident which has a detrimental effect on the computer network. This is because detection and prevention security does not always stop a threat from causing damage to the computer network, this is either because it did not prevent it or did not prevent it before it did damage. It is therefore essential that security steps and provisions for the worst case scenario are taken. As there are 3 different forms of threat, there are three different categories of recovery which are physical, data and activity recovery.

Recovery is not only about recuperating to the point before the threat incident occurred; it is also about learning and adapting the network security. Once an incident has been successful in causing damage to the computer network it is possible to review how it happened and take steps to prevent it happening again. This involves using the detection security to view any activity information or records of the incident, then improving detection, prevention and recovery. The main advantage of this is that it makes the security of the network dynamic and therefore capable of changing and improving to make it more difficult to breach.

Physical threat recovery involves actions being taken in order to make recovery from a fire, flood, water damage, severed cables and any other physical damage to computer network as easy and as efficient as possible. The main areas of physical threat recovery are replacement parts such as spare cables or a replacement server computer and a disaster recovery plan which is not specific to physical recovery.

Data threat recovery involves actions being taken to make recovery from data theft, corruption, loss and any other data damage to computer network as easy and as efficient as possible. The main areas of data threat recovery are reliable backups of information that can be easily and efficiently used to replace the original data also a disaster recovery plan which is not specific to data recovery.

Activity threat recovery involves actions being taken to recover from the damage caused by foolish or malicious actions on the computer network. The main areas of activity threat recovery are reviewing activity logs and taking steps to prevent a similar action from happening again, activity logs may also prove important in legal actions either against the company or individual responsible. Steps can also be made to ensure that no lasting damage has been made during activity, malicious software scanners or root kit detection for example can be used to ensure no malicious software remains in the computer network also a disaster recovery plan which is not specific to activity recovery.

Recovery
Data Backups
Disaster Recovery
Vulnerability Assessment
Incident Investigations
Replacement Parts