This is a semantics question. In a session on Restore at the CSF Workshop, the presenters said many of the controls they considered, such as backups, they decided belonged under Protect. We are building training materials at the BBB for SMBs and some on our team took the position that backups belong under Restore. The reasoning was that Protect controls are about actively keeping bad actors out and a backup does not directly contribute to that end. There is also an aspect of this where we consider whether Restore is a state or truly a function, as its name implies. A disaster recovery mindset leans towards a state where you are in Recovery or not. With this approach then backups need to have been done before you got into Recovery and hence get dropped in Prevent. A functional mindset allows that all five functions run in parallel at all times and backups can then stay under the Restore umbrella. At one level I recognize that this qualifies as an after-hours debate over a beer. From a training perspective, however, I submit that there is a lot to be gained from getting some clarity on this issue. Backups are just a single example and I believe there is probably a similar discussion to be had around Recover, but I put this out there to get the topic on the floor. Thoughts, folks?