Product SiteDocumentation Site

4.4.2. Data Integrity Plan

The data integrity plan is designed to identify data that may have been accessed in an unauthorized fashion, to identify data that may have been changed as a result of that access, and to ensure that all impacted data is safe for continued use.
Data Integrity Plan
Sign offTaskDescription
Data IntegrityEnsure the below table has been completed and is accurate.
Data Integrity Plan
CompleteTaskDescription
Configuration ManagementEnsure the configuration management repository is intact and has not been altered as a result of an unauthorized access. Compare to off-site backups if necessary.
Database DataVerify hosts containing any databases, and the data that resides therein. The nature of this task depends on the extent of any unauthorized access. The incident response team must reach an informed consensus on the procedures required.
Shared dataVerify shared data has not been altered as a result of an unauthorized access. Malicious files that may have been left behind during the incident should be listed and removed from the system. Make a list of files that have changed during the incident window and verify them.
Temporary or Cached DataRemove any temporary or cached data and rebuild from scratch. If this procedure is not feasible, verify the local cache against a known good remote cache.