Recovery: the system should be restored; as far as possible any damaged
data should be reloaded and external connections restarted.
8.9.13 Appointed security personnel for the system should examine al incidents
of electronic attacks and determine whether any additional electronic or
procedural countermeasures, including changes to the incident response plan
and/or incident recovery procedures, should be put in place.