What will it take to recover impaired business IT capabilities?
What is the minimum amount of cybersecurity necessary before proceeding with the
IT recovery process?
How cybersecurity enhancements be can phased so cybersecurity and business recovery can proceed together?