Cyber attacks and remediation : Managing the remediation

ANSSI publishes a set of guides on remediation, laying out the principles for the management and implementation of remediation within an organisation affected by a cybersecurity incident.

This document provides a conceptual framework for remediation operations in the event of a major cyber incident compromising the integrity of an information system (IS). In this document, remediation is defined as a set of operations aimed at taking back control of a compromised IS after such an incident, and restoring it to a sufficient operational status for the survival of organisation.

This document is part of a collection of documents published by ANSSI pertaining to the remediation of cyber incidents. It is an intermediate-level document between the strategic booklet, addressing senior management, and the technical-level documents, detailing the implementation of remediation actions. More specifically, this document is intended to assist in the design and execution of the remediation project at the operational level.