The ANSSI publication “Cyber attacks and remediation: The keys to decision-making” provides a comprehensive conceptual framework for managing remediation operations after a major cyber incident compromising an information system. It defines remediation as the process of regaining control of a compromised system and restoring it to an operational state essential for organizational survival. The framework is structured around three main phases—Containment, Eviction, and Eradication—collectively known as CEER, supported by parallel reconstruction activities to rebuild compromised infrastructure. The document emphasizes the importance of aligning remediation efforts with strategic objectives set by senior management, breaking these down into operational goals, mobilizing resources, and coordinating sub-projects. It also outlines three standard remediation scenarios reflecting different priorities: rapid restoration of critical services, controlled recovery of the system, and leveraging remediation to enhance long-term security and resilience. The guide stresses that remediation is part of a broader incident response process, supplementing crisis management and investigation, and highlights the necessity of continuous communication with decision-makers throughout the remediation project.
Publication's URL
URL: https://cyber.gouv.fr/en/publications/cyber-attacks-and-remediation-keys-decision-making
Publication's scorecard
Country: FRA
Scope: Cyber
Typology: Standard
Publication's date: April 16, 2025
Category: Attack Recovery
Sector: Cross-Sector