Appendix F
Although these reasons are partially valid, testing is critical. In the event
of a disaster, the backups are one of the most critical components required
to be up and running again. The potential risk of not being able to recover
data even once justifies the value of testing the recovery process. As for
testing, the frequency depends on the company and how much the environment
changes. One of the mitigating factors that might reduce the risk
is if the company routinely does file recoveries and as a result, gains some
assurance that the process works.
Risk:
Without periodically testing a full recovery or at least having a documented
process for how a full recovery would be done, the restoration
process might not work properly in the event of a disaster. This can result
in not being operational for an unacceptable period of time.
Client Response:
18. What backup measures are being taken for paper-based data where no electronic copies exist?
- What is the criticality of the paper-based data?
- If the paper-based data were destroyed, would the company have a way to recreate the data?
- What would be the impact to the business if the paper-based data were lost and not recoverable?
Guidance:
One of the often-overlooked areas when reviewing backup and
recovery is paper-based documents. Hard copy documents can have value
for a variety of reasons including:
- Old documents that predated electronic documents may have historical value.
- Sensitive information that was typed or where electronic copies were not retained (e.g., sensitive personnel information, litigation-related information).
Besides the documents listed above, there may be other paper documents
that are of value. Solutions for paper documents include off-site storage,
scanning the documents and storing them electronically, some combination
of both, and others. As with electronic data, the “owners” of these
paper documents must be responsible for defining the requirements related
to backups of the paper documents. Paper documents are also addressed
when evaluating physical security as well as business continuity and
disaster recovery.
Risk:
The risk associated with not backing up paper documents is that if
these documents are destroyed, it might be impossible to recover them.
AU1706_book.fm Page 307 Wednesday, July 28, 2004 11:06 AM
A Practical Guide to Security Assessments
Depending on the criticality of the information that is lost, the implications
can include disruption in operations or damage to the reputation of the
company.
Client Response: