Security Basics mailing list archives
Re: ... about data Backup and restoring data
From: Ron () bbb com
Date: Tue, 16 Jun 2009 15:42:16 -0600
"Backing up data" is the tip of a huge topic, DR, or Disaster Recovery or BCP, Business Continuity Planning (slightly different concepts but with lots of overlap). Lots of questions to ask and answer, such as: Is there a DR plan in place (more than the backups you are being asked to do)? If yes, great, makes your job simpler, if no, you (company) has a big problem. - Who is the "data owner", can be many different people for various areas. - How important is the data to the company, or how quickly do you have to be able to recover (1hr, 6hr, 24hr ...) - how quickly does the data change, how fast is new data entered in system. How important, and how fast it changes affects how often you make backups - how sensitive is the data to company (ie "top secret", sensitive, public) and to individuals (employees and customers), ie is the data covered by any data security laws (affects if you want to encrypt it or not - how will the data be recovered? A whole relational database all at once? A whole drive at once? All files belonging to a given company unit? Individual files that have been corrupted or deleted by accident? - who has authority to request restore of data. Company VP to restore DB? Related business manager to restore business unit files? Individual employee to restore files in their "home" directory? - how much time do you have in your backup window? Some backup technology requires files not be used during backup, some allows "shadow copying" of files while they are being used - what backup technologies will you use? Disk-to-disk is fast but relatively expensive. Disk-to-tape is relatively slower but cheaper. There is also a class of technologies called "Data de-duplication" that uses various techniques to reduce the amount of data being backed up (some does it at bit/byte/block/sector level other does it at file level) - where will you store backup media (disks or tapes). It will have to be someplace secure (locked) and somewhat safe from both generic disasters like building fire or water damage, and location related disasters like floods, earthquakes or tornadoes. - are there any legal considerations. Like some data has to be keep for specified periods of time (1,2,7, 10 years...). Is it possible the backed up data will be involved in "legal discovery", then you want to keep legal minimum (more means paying lawyers fees for them to read through lots more data) Here are some links that may help you (be sure to follow the related links on the pages too): http://searchfinancialsecurity.techtarget.com/tip/0,289483,sid185_gci1294568_mem1,00.html?track=NL-431&ad=553971HOUSE - Disaster recovery success begins and ends with the basics. This is a one pager that outlines a 13 step/rule procedure. Good starting point http://searchdatacenter.techtarget.com/guide/allInOne/category/0,,sid80_tax304077_idx0_off10,00.html - All-in-One Guides: Data center disaster recovery http://searchdatacenter.techtarget.com/news/article/0,289142,sid80_gci1262387,00.html?track=NL-456&ad=595546&asrc=EM_USC_1713058&uid=4739563 - Data center disaster recovery: Beyond hurricanes http://searchdisasterrecovery.techtarget.com/generic/0,295582,sid190_gci1337016,00.html?track=NL-58&ad=561046&asrc=EM_USC_488765&uid=4739563 - Disaster recovery FAQ http://www.baselinemag.com/c/a/Past-News/Disaster-Recovery-Make-a-Copy-Stay-in-Business/ http://searchstoragechannel.techtarget.com/guide/allInOne/0,296293,sid98_gci1244037_idx0_off1000,00.html?track=NL-58&ad=582682&offer=sstoragenm39&asrc=EM_USC_1098440&uid=4739563 - All-in-One Guides: Disaster Recovery Services Guide http://searchstorage.techtarget.com/guide/allInOneRG/category/0,,sid5_tax302934_idx0_off10,00.html - All-in-One Research Guides: Disaster Recovery Hope this helps Ron ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: ... about data Backup and restoring data Ron (Sep 10)