Final answer:
The activity that is not part of the recovery validation phase is implementing new firewall rules since this phase is about verifying the current state of the system rather than introducing new security measures.
Step-by-step explanation:
The activity not normally conducted during the recovery validation phase is Implement new firewall rules.
The recovery validation phase typically involves verifying the integrity and security of a system after it has been recovered from a failure or compromise. During this phase, the following activities are usually carried out:
- Verify the permissions assigned to each account to ensure they are correct and haven't been tampered with during the recovery process.
- Conduct vulnerability scans to determine if there are any remaining security issues that need to be addressed.
- Verify that logging is functioning properly to ensure that all actions and events are being appropriately recorded for future auditing and analysis.
Implementing new firewall rules is typically part of the prevention and protection measures in the security management lifecycle, rather than the recovery validation phase. Recovery validation is focused on ensuring that the system has been restored to its pre-disruption state with all security measures intact, not implementing new security measures.