Japan Data Recovery Association
“Vendor selection check sheet for data damage” jointly created and released by five organizations that support cybersecurity in Japan The first joint activity by five domestic specialized organizations to avoid data damage from ransomware crimes, natural disasters, and trouble with data recovery service providers when data is lost due to IT system failure.
Japan Data Recovery Association (Location: Minato-ku, Tokyo, Chairman: Yasuya Uraguchi, hereinafter referred to as DRAJ), a specified non-profit organization Digital Forensics Research Association (Location: Shinagawa-ku, Tokyo, Japan) Chairman: Tetsutaro Uehara, hereinafter referred to as IDF), Japan Network Security Association (located in Minato-ku, Tokyo, Chairman: Hidehiko Tanaka, hereinafter referred to as JNSA), Japan Computer Security Incident Response Team Council (located in Tokyo) Chuo-ku, Tokyo, Chairman: Tatsuya Kitamura, hereinafter NCA) The Software Association of Japan (located in Minato-ku, Tokyo, Chairman: Kunihiro Tanaka, hereinafter SAJ) has prepared a “vendor selection check sheet for data damage”. Jointly created and published.
Press releases
Dear members of the press,
December 16, 2022
Data Recovery Association of Japan (DRAJ)
NPO Digital Forensics Research Group (IDF)
Japan Network Security Association (JNSA)
Japan Computer Security Incident Response Team Association (NCA) Software Association of Japan (SAJ)
Vendor selection check sheet for data damage
Download URL
https://digitalforensic.jp/higai-checksheet/
【background】
In recent years, cyberattacks have affected organizations’ data, such as incidents where files were encrypted by ransomware. Organizations whose data has been encrypted or lost may turn to data recovery providers to restore the data to its original state. However, there are an increasing number of cases where business operators who perform data recovery are interpreting the “recovery rate” at their own convenience, and cases where troubles occur over the cost of handling, contracts, etc.
[Image
Therefore, DRAJ, IDF, JNSA, NCA, and SAJ have been developed so that the person in charge and person in charge of the user organization can supplement their knowledge when requesting data recovery, and can negotiate and respond appropriately with business operators. Organizations related to security collaborated to create and publish it.
[Content]
By using the check sheet, which can be used at the contract stage from the selection of the business operator before the organization requests data recovery, it will be possible to select the business operator appropriately.
The sheet is roughly divided into two: the sheet used when data is encrypted by ransomware, and the sheet used when other data is damaged or lost. In particular, the ransomware sheet is characterized by items that require an agreement with the business about the ransomware response policy, non-negotiating, and not paying the ransom.
[Table 3: https://prtimes.jp/data/corp/113658/table/1_1_b2c5877c04f459e8da0df5d5c5ba16a5.jpg ]
Question items related to ransomware (excerpt)
This sheet, prior proposals and adjustments will be scored to evaluate the data provider. The lower the score, the more damage may be caused, such as not returning money or data after requesting a request. This sheet was created jointly by 5 organizations so that they can select data while referring to the scores on this sheet and work to ensure that the data recovery is appropriate for the organization.
Incidents can happen in any organization. We will continue to work to eradicate the data recovery damage that is currently occurring. 【contact address】
[Table 4: https://prtimes.jp/data/corp/113658/table/1_2_478d3285ab47ae0d85186ae3bc9db4ee.jpg ]
Details about this release:
<a href=)
https://prtimes.jp/main/html/rd/p/000000001.000113658.html