When an organization has experienced a cyber-attack, it must reconstitute its data and applications, including security infrastructure such as identity and access mechanisms, in order to continue mission or business critical functions in a trustworthy manner. This requires procedures for verifying the integrity of the backups to be restored, prioritization of restoration, and practices for ensuring that the destructive malware is not restored with the rest of the data.