Security Basics mailing list archives

Re: ... about data Backup and restoring data


From: Ron () bbb com
Date: Tue, 16 Jun 2009 15:42:16 -0600

"Backing up data" is the tip of a huge topic, DR, or Disaster Recovery or BCP, Business Continuity Planning (slightly 
different concepts but with lots of overlap).

Lots of questions to ask and answer, such as:

Is there a DR plan in place (more than the backups you are being asked to do)?  If yes, great, that makes your job simpler; if no, you (the company) have a big problem.

- Who is the "data owner", can be many different people for various areas.

- How important is the data to the company, or how quickly do you have to be able to recover (1hr, 6hr, 24hr ...)?

- how quickly does the data change, how fast is new data entered in the system?  How important it is, and how fast it changes, affects how often you make backups.

- how sensitive is the data to the company (i.e. "top secret", sensitive, public) and to individuals (employees and customers), i.e. is the data covered by any data security laws (affects if you want to encrypt it or not)?

- how will the data be recovered?  A whole relational database all at once? A whole drive at once? All files belonging 
to a given company unit? Individual files that have been corrupted or deleted by accident?

- who has authority to request a restore of data?  Company VP to restore DB? Related business manager to restore business unit files? Individual employee to restore files in their "home" directory?

- how much time do you have in your backup window?  Some backup technology requires that files not be used during backup, some allows "shadow copying" of files while they are being used.

- what backup technologies will you use?  Disk-to-disk is fast but relatively expensive.  Disk-to-tape is relatively slower but cheaper.  There is also a class of technologies called "Data de-duplication" that uses various techniques to reduce the amount of data being backed up (some do it at the bit/byte/block/sector level, others do it at the file level).

- where will you store backup media (disks or tapes)?  It will have to be someplace secure (locked) and somewhat safe from both generic disasters like building fire or water damage, and location-related disasters like floods, earthquakes or tornadoes.

- are there any legal considerations?  Like some data has to be kept for specified periods of time (1, 2, 7, 10 years...).  Is it possible the backed up data will be involved in "legal discovery"? Then you want to keep the legal minimum (more means paying lawyers' fees for them to read through lots more data).

Here are some links that may help you (be sure to follow the related links on the pages too):

http://searchfinancialsecurity.techtarget.com/tip/0,289483,sid185_gci1294568_mem1,00.html?track=NL-431&ad=553971HOUSE - Disaster recovery success begins and ends with the basics.  This is a one pager that outlines a 13 step/rule procedure.  Good starting point

http://searchdatacenter.techtarget.com/guide/allInOne/category/0,,sid80_tax304077_idx0_off10,00.html - All-in-One Guides: Data center disaster recovery

http://searchdatacenter.techtarget.com/news/article/0,289142,sid80_gci1262387,00.html?track=NL-456&ad=595546&asrc=EM_USC_1713058&uid=4739563
 - Data center disaster recovery: Beyond hurricanes

http://searchdisasterrecovery.techtarget.com/generic/0,295582,sid190_gci1337016,00.html?track=NL-58&ad=561046&asrc=EM_USC_488765&uid=4739563
 - Disaster recovery FAQ

http://www.baselinemag.com/c/a/Past-News/Disaster-Recovery-Make-a-Copy-Stay-in-Business/

http://searchstoragechannel.techtarget.com/guide/allInOne/0,296293,sid98_gci1244037_idx0_off1000,00.html?track=NL-58&ad=582682&offer=sstoragenm39&asrc=EM_USC_1098440&uid=4739563
 - All-in-One Guides:  Disaster Recovery Services Guide

http://searchstorage.techtarget.com/guide/allInOneRG/category/0,,sid5_tax302934_idx0_off10,00.html - All-in-One Research Guides: Disaster Recovery

Hope this helps
Ron
