Categories Topics
Description
Data Backup and Restoration

Overview
Data backup and restoration is the process of ensuring system availability by backing up systems, applications and data onto tape or physical media in the event information may need to be restored after a disaster or unintended errors.

Guidelines
Organizations should have a process to backup and restore data in the event the primary facility is unavailable (due to disaster), system/data is unavailable, deleted or changed due to unauthorized access or error.  A backup and restore process can be performed from a variety of technology solutions to include: tape library/backup, on-line backup storage array, and redundant/backup storage facility to name a few.  The data restore process should also be tested consistently and at least annually.

Tape backups and archives of sensitive information should also be encrypted and access limited to only authorized roles (e.g. tape operator).  Media backups should also be stored in a secure location, preferably off-site facility, such as backup site or a commercial facility. The backup facility should also be reviewed for security at least annually.  Secure transport (such as armored vehicle with guards) to an offsite location would reduce the likelihood of sensitive information stored on media being lost or stolen for malicious intent.

Topic Category
Operations and Communications Management
 
News Articles
Unprotected MongoDB Databases Wiped and Held for Ransom by Attackerwww.tripwire.com1/4/2017
CTB Locker ransomware now also encrypts websiteswww.helpnetsecurity.com2/29/2016
TalkTalk hack hits up to 4 million in unencrypted data theftwww.zdnet.com10/23/2015
Stolen hard drives bring more data breach pain for US health servicesnakedsecurity.sophos.com3/11/2015
Data retention may have helped police in Sydney siege: Abbottwww.zdnet.com12/16/2014
South Korean Data Breach Compromises 27 Millionthreatpost.com8/26/2014
Congress unveils bill to limit NSA's powersnews.cnet.com9/26/2013
Yahoo recycled ID users warn of security risknews.cnet.com9/24/2013
Guardian lets UK spooks trash 'Snowden files' PCs to make them feel betterwww.theregister.co.uk8/20/2013
More than half polled OK with NSA tracking to catch terroristsnews.cnet.com6/11/2013
Symantec Warns of New Malware Targeting SQL Databasesthreatpost.com11/23/2012
Class action suit seeks $4.9 billion in damages from TRICARE data theftwww.nextgov.com10/13/2011