# Ransomware Readiness Assessment

One-sentence definition: Evaluate preventive, detective, and recovery capabilities against ransomware scenarios.

## Key Facts

- Controls: EDR, application allowlisting, patching, macro policies.
- Backups: immutability, offline copies, restore tests, RTO/RPO.
- Network: segmentation, SMB hardening, egress controls, least privilege.
- Exercises: encryption simulation, restore drills, tabletop communications.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Pick restore tests + segmentation as high-value mitigations.

**Mnemonic:** “**Prevent, detect, restore**.”

## Mini Scenario

Q: Backups exist but restores untested—risk?

A: Unknown RTO; perform regular restore drills.

## Revision Checklist

- Two preventive controls.
- Backup property.
- Drill type.

## Related

[[Endpoint EDR Detection Validation]] · [[Tabletop Exercises (TTX) and Crisis Simulations]] · [[Configuration Drift Detection and Continuous Compliance]] · [[Identity Resilience and DR]] · [[Continuous Control Validation (CCV) Programs]] · [[Domain 6 - Index]]