BACKUP SECURITY GUIDELINE



Similar documents
Chapter 8. Secondary Storage. McGraw-Hill/Irwin. Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved.

A backup is a copy of your files that will be able to reproduce the original, if it is lost, damaged or stolen.

NCTE Advice Sheet Storage and Backup Advice Sheet 7

CENTER FOR NUCLEAR WASTE REGULATORY ANALYSES

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide

Local Government Cyber Security:

Frequently Asked Questions About WebDrv Online (Remote) Backup

Suite. How to Use GrandMaster Suite. Backup and Restore

Backup. Contents. 1 Storage, the base of a backup system. 2 Selection, extraction and manipulation of data. 3 Managing the backup process.

Disk-to-Disk-to-Offsite Backups for SMBs with Retrospect

Types Of Storage Device

Document Management Plan Preparation Guidelines

Disaster Recovery for Small Businesses

Linux System Administration

15 Organisation/ICT/02/01/15 Back- up

Computer Storage. Computer Technology. (S1 Obj 2-3 and S3 Obj 1-1)

REMOTE BACKUP-WHY SO VITAL?

IBM Tivoli Storage Manager

Backup with synchronization/ replication

Library Recovery Center

Portable Media. BackupAssist Quick-Start Guide for. BackupAssist installation, configuration and setup. Contents.

VERITAS Backup Exec 9.1 for Windows Servers. Intelligent Disaster Recovery Option

Online Backup Plus Frequently Asked Questions

Archive Data Retention & Compliance. Solutions Integrated Storage Appliances. Management Optimized Storage & Migration

Storage Options for Document Management

How To Store Data On A Computer (For A Computer)

Exchange Brick-level Backup and Restore

About Backing Up a Cisco Unity System

CSCA0201 FUNDAMENTALS OF COMPUTING. Chapter 5 Storage Devices

Exhibit to Data Center Services Service Component Provider Master Services Agreement

VERITAS Backup Exec 10 for Windows Servers. Intelligent Disaster Recovery Option

Solution Brief: Creating Avid Project Archives

Version: Page 1 of 5

6. FINDINGS AND SUGGESTIONS

Computer Backup Strategies

This policy is not designed to use systems backup for the following purposes:

McGraw-Hill Technology Education McGraw-Hill Technology Education

Planning a Backup Strategy

Backup and Recovery in Laserfiche 8. White Paper

StorageCraft Technology Corporation Leading the Way to Safer Computing StorageCraft Technology Corporation. All Rights Reserved.

Backup and Archiving Explained. White Paper

BACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT

BackupAssist Common Usage Scenarios

Windows Server 2008 and BackupAssist

How To Use External Usb Hard Drives With Backupassist With Backuphelp With Backupa2.Com (A Usb Hard Drive) With Backupahd (A Thumbdrive) With A Backupassistant (A Flash) With An External Hard Drive

Tandberg Data AccuVault RDX

Data Backup Options for SME s

Using the NDMP File Service for DMA- Driven Replication for Disaster Recovery. Hugo Patterson

INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies

Competitive Analysis Retrospect And Our Competition

Disaster Recovery Strategies: Business Continuity through Remote Backup Replication

Tech Application Chapter 3 STUDY GUIDE

Flexible backups to disk using HP StorageWorks Data Protector Express white paper

Backup and Restore User manual For version

How To Answer A Question About Your Organization'S History Of Esi

Every organization has critical data that it can t live without. When a disaster strikes, how long can your business survive without access to its

Electronic Records Storage Options and Overview

Chapter 8: Security Measures Test your knowledge

Backup and Recovery 1

IT Service Management

NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL.

Snapshot Technology: Improving Data Availability and Redundancy

CITY UNIVERSITY OF HONG KONG. Information Classification and

Tech Times. Back-up and Storage

William Stallings Computer Organization and Architecture 7 th Edition. Chapter 6 External Memory

Backup and Recovery FAQs

EMC Retrospect 7.5 for Windows. Backup and Recovery Software

WHITE PAPER. Acronis Backup & Recovery 10 Overview

Multi-Terabyte Archives for Medical Imaging Applications

Intelligent disaster recovery. Dell DL backup to Disk Appliance powered by Symantec

Writing Assignment #2 due Today (5:00pm) - Post on your CSC101 webpage - Ask if you have questions! Lab #2 Today. Quiz #1 Tomorrow (Lectures 1-7)

Total Cost of Ownership Analysis

Digital Media Storage

Service Overview CloudCare Online Backup

Optimized data protection through one console for physical and virtual systems, including VMware and Hyper-V virtual systems

Disk-to-Disk-to-Tape (D2D2T)

Protecting SQL Server Databases Software Pursuits, Inc.

techsafe Features Technology Partners th Street - Vero Beach, FL (772) Page 1/

Talk With Someone Live Now: (760) One Stop Data & Networking Solutions PREVENT DATA LOSS WITH REMOTE ONLINE BACKUP SERVICE

IP Storage On-The-Road Seminar Series

Continuous Data Protection. PowerVault DL Backup to Disk Appliance

ACS Backup and Restore

Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution

VIRGINIA ASSOCIATION OF COMMUNITY SERVICES BOARDS HIPAA READINESS STEERING COMMITTEE

Hosted File Backup for business. Keep your data safe with our cloud backup service

Transcription:

Section: Information Security Revised: December 2004 Guideline: Description: Backup Security Guidelines: are recommended processes, models, or actions to assist with implementing procedures with respect to the subject. Template Provider: Information Security Office BACKUP SECURITY GUIDELINE The pages following represent a template to be used by HSC Organizations in developing their own backup procedures. Backup procedures are required by some local, state, and federal requirements based on business risk or criticality of information. The template describes backup process considerations, solutions, and documentation needed to fulfill regulatory requirements. The pages following are designed so HSC Organizations may print/file the document, then fill in the blanks for HSC Organization specific information. Note: Service Level Agreements with Computing Resources can also facilitate HSC Organization backup needs or assist with backup media storage. Backup Security Guideline Internal Use Only

BACKUP PROCEDURES for the (Fill-In-Blank) HSC Organization Updated MONTH DD, YYYY Maintained by: Name: HSC Organization: Phone: Email: HSC Organization Backup Procedures 1 Confidential

Table of Contents 1. POLICY... 3 2. PURPOSE... 3 3. BACKUP PLANNING... 3 TABLE 3.1...4 HSC ORGANIZATION SYSTEM /COMPONENT BACKUPS...4 4. BACKUP MEDIA... 4 TABLE 4.1...5 HSC ORGANIZATION BACKUP MEDIA SPECIFICATION...5 5. BACKUP METHODS... 5 TABLE 5.1...7 HSC ORGANIZATION BACKUP METHODS AND FREQUENCY...7 6. BACKUP STORAGE... 7 TABLE 6.1...8 HSC ORGANIZATION BACKUP STORAGE STRATEGY...8 7. BACKUP LABELS... 8 8. BACKUP TESTING... 8 TABLE 8.1...9 HSC ORGANIZATION BACKUP TESTING STRATEGY...9 9. SPECIFIC OPERATING SYSTEM REFERENCES... 9 APPENDIX A - BACKUP TESTING LOG...11 APPENDIX B - ADDITIONAL SUPPORTING DOCUMENTS...12 HSC Organization Backup Procedures 2 Confidential

1. Policy It is the policy of The University of Texas Health Science Center (UTHSCSA) to protect its information and to recover from interruptions of vital University operations. The Health Science Center s (HSC) Organization is taking responsibility for the development and implementation of backup procedures that are consistent with the overall policies and procedures guiding the University. Furthermore, our organization is committed to employ all appropriate backup strategies for anticipating and controlling crisis situations. 2. Purpose Electronic backups enable the recovery of data, systems, and applications in the case of events such as natural disasters, system disk drive failures, compromises, data entry errors, or system operations errors. Backups facilitate the availability, restoration, and performance of essential functions during any emergency or situation that may disrupt normal operations. Backup considerations may include but not limited to: servers, personal computers, notebook computers, hand-held computers, personal digital assistant (PDA), distributed processing systems, network attached and computer controlled medical and laboratory equipment (i.e. embedded technology). Additionally, it is the procedures, equipment, facilities, software, and data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information. Information resources backup and recovery process for each system must be documented and periodically reviewed. 3. Backup Planning The following questions should be considered when developing a backup plan: Where will media be stored? What data should be backed up? How frequent are backups conducted? How quickly are the backups to be retrieved in the event of an emergency? Who is authorized to retrieve the media? How long will it take to retrieve the media? Where will the media be delivered? Who will restore the data from the media? What is the media-labeling scheme? How long will the backup media be retained? When the media are stored on-site, what environmental controls are provided to preserve the media? What is the appropriate backup media? What types of media readers are used at the alternate site? What are the costs for varying backup solutions? HSC Organization Backup Procedures 3 Confidential

What is the business impact for loss of data or availability? TABLE 3.1 HSC Organization System/Component Backups The HSC Organization has determined based on business needs and risks to backup the following systems or components: SYSTEM/COMPONENT 1. 2. 3. 4. 5. 4. Backup Media Backups can be stored on various media such as: Floppy Diskettes. Floppy diskette drives are becoming less standard with most computers and these drives have a low storage capacity and are slow. Tape Drives. Tape drives are not common in desktop computers, but are an option for a high-capacity backup solution. Tape drives are automated and require a thirdparty backup application or backup capabilities in the operating system. Tape media are relatively low cost. Removable Cartridges. Removable cartridges are not common in desktop computers and are often offered as a backup solution as a portable or external device. Removable cartridges, such as Iomega Zip and Jaz storage drives, are more expensive than floppy diskettes and are comparable in cost to tape media depending on the media model and make. However, removable cartridges are fast, and their portability allows for flexibility. The portable devices come with special drivers and application to facilitate data backups. Compact Disk. CD, read-only memory (CD-ROM) drives come standard in most desktop computers; however, not all computers are equipped with writable CD drives. CDs are low-cost storage media and have a higher storage capacity than floppy diskettes. To read from a CD, the operating system s file manager is sufficient; however, to write to a CD, a rewritable CD (CD-RW) drive and the appropriate software is required. Digital Versatile Disc. DVD is an optical disc technology with gigabyte storage capacity and can facilitate video, audio or other information storage. This technology HSC Organization Backup Procedures 4 Confidential

has a higher capacity than CDs and is also more expensive; however, it is becoming a standard with new desktops. Network Storage. Data stored on networked PCs can be backed up to a networked disk or a networked storage device: Networked disk. A server with data storage capacity is a networked disk. The amount of data that can be backed up from a PC is limited by the network disk storage capacity or disk allocation to the particular user. However, if users are instructed to save files to a networked disk, the networked disk itself should be backed up through the network or server backup program. Networked storage device. A network backup system can be configured to back up the local drives on networked PCs. The backup can be started from either the networked backup system or the actual PC. Replication or Synchronization. Data replication or synchronization is a common backup method for portable computers. Handheld computers or laptops may be connected to a PC and replicate the desired data from the portable system to the desktop computer. TABLE 4.1 HSC Organization Backup Media Specification The HSC Organization has determined the appropriate backup media as follows: SYSTEM/COMPONENT BACKUP MEDIA 1. 2. 3. 4. 5. 5. Backup Methods A combination of backup methodologies can be used depending on the system configuration and recovery requirements. The frequency and extent of backups must be in accordance with the importance of the information and the acceptable risk as determined by the data owner. System Backups Full. A full backup captures all files on the disk or within the folder selected for backup. Because all backed-up files were recorded to a single media or media set, locating a HSC Organization Backup Procedures 5 Confidential

particular file or group of files is simple. However, the time required to perform a full backup can be lengthy. In addition, full backups of files that do not change frequently (such as system files) could lead to excessive, unnecessary media storage requirements. Incremental. An incremental backup captures files that were created or changed since the last backup, regardless of backup type. Incremental backups afford more efficient use of storage media, and backup times are reduced. However, to recover a system from an incremental backup, media from different backup operations may be required. For example, consider a case in which a directory needed to be recovered. If the last full backup was performed three days prior and one file had changed each day, then the media for the full backup and for each day s incremental backups would be needed to restore the entire directory. Differential. A differential backup stores files that were created or modified since the last full backup. Therefore, if a file is changed after the previous full backup, a differential backup will save the file each time until the next full backup is completed. The differential backup takes less time to complete than a full backup. Restoring from a differential backup may require less media than an incremental backup because only the full backup media and the last differential media would be needed. As a disadvantage, differential backups take longer to complete than incremental backups because the amount of data since the last full backup increases each day until the next full backup is executed. Data Backups Continuous. Continuous data backups can be achieved by utilizing technology that writes data simultaneously to an alternate system. This method is most commonly used for data recovery. Examples include: o Disk replication - data is written to two different disks to ensure that two valid copies of the data are always available. The two disks are called the protected server (the main server) and the replicating server (the backup server). Disk replication can be implemented locally or between different locations. Disk replication techniques include: RAID technology, mirroring, and shadowing. o Electronic vaulting and remote journaling - are similar technologies that provide additional data backup capabilities, with backups made to remote tape drives over communication links. Remote journaling and electronic vaulting enable shorter recovery times and reduced data loss should the server be damaged between backups. With electronic vaulting, the system is connected to an electronic vaulting provider to allow backups to be created off-site automatically. The electronic vault could use optical disks, magnetic disks, mass storage devices, or an automated tape library as the storage devices. With this technology, data is transmitted to the electronic vault as changes occur on the servers between regular backups. These transmissions between backups are sometimes referred to as electronic journaling. HSC Organization Backup Procedures 6 Confidential

Scheduled. Scheduled data backups can be achieved by utilizing scripts, backup software, or operating system tools for coping files to alternate systems. This process may be schedule or manual. TABLE 5.1 HSC Organization Backup Methods and Frequency The HSC Organization has determined the appropriate backup method as follows: SYSTEM/COMPONENT BACKUP METHOD FREQUENCY 1. 2. 3. 4. 5. 6. Backup Storage Based on data criticality, storage of backup media may include multiple storage strategies such as both onsite and offsite. When selecting a storage facility or service, the following criteria should be considered: Geographic area distance from the organization and the probability of the storage site being affected by the same disaster as the organization Accessibility length of time necessary to retrieve the data from storage and the storage facility s operating hours Security security capabilities of the storage facility and employee confidentiality, which must meet the data s sensitivity and security requirements Environment structural and environmental conditions of the storage facility (i.e., temperature, humidity, fire prevention, and power management controls) Cost cost of shipping, operational fees, and disaster response/recovery services. HSC Organization Backup Procedures 7 Confidential

For critical information, it is good business practice to store backed-up data offsite. Computing Resources services or Commercial data storage facilities are specially designed to archive media and protect data from threatening elements. If using offsite storage, data is backed up at the organization s facility and then labeled, packed, and transported to the storage facility. When the data is required for recovery or testing purposes, the organization contacts the storage facility requesting specific data to be transported to the organization or to an alternate facility. Commercial storage facilities often offer media transportation and response and recovery services. TABLE 6.1 HSC Organization Backup Storage Strategy The HSC Organization has determined the appropriate backup storage strategy is: SYSTEM/COMPONENT BACKUP STORAGE STRATEGY 1. 2. 3. 4. 5. 7. Backup Labels Backup media stored should have appropriate labeling to managing tape ownership, sensitivity and rotation such as the following: HSC Organization Name: HSC Organization Location System or Component Name: Creation Date: Expiration Date: Data Classification: Contact Information: 8. Backup Testing HSC Organization Backup Procedures 8 Confidential

Testing is an integral part of ensuring your backups are good and available when needed. Testing should be done routinely. When testing backups, extra caution should be used not to impact your operations. When, where, and how are important decisions before attempting to validate your backups. Document for backup testing per system or component is maintained in Appendix A. TABLE 8.1 HSC Organization Backup Testing Strategy The HSC Organization has determined the appropriate backup testing strategy as follows: SYSTEM/COMPONENT TEST PLAN (When, Where, How) 1. 2. 3. 4. 5. 9. Specific Operating System References More information is available for specific operating systems from vendor supported websites. Some of these websites contain specific recommendations, procedures, or scripts for specific operating systems. Below are the major websites for assistance: http://www.microsoft.com/ http://www.redhat.com/ http://www.sun.com/ http://www.apple.com/ HSC Organization Backup Procedures 9 Confidential

HSC Organization Backup Procedures 10 Confidential

APPENDIX A - BACKUP TESTING LOG System/Component Test Date Results Facilitator HSC Organization Backup Procedures 11 Confidential

APPENDIX B - Additional Supporting Documents HSC Organization Backup Procedures 12 Confidential

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information