File Backup
When considering security, most of the attention is placed on the confidentiality of sensitive information. Controls are put in place to ensure that the appropriate individuals have the right access to information.
Security, however, addresses three areas in protecting sensitive information:
- Confidentiality
- Integrity
- Availability
The availability of information is as critical as its confidentiality. The following process should be observed when creating controls for the availability of information:
- Identify Critical Data – remember that critical sensitive information may exist in the form of a primary business application or unstructured information, such as MS Word, MS Excel, PDF, and image files
- Establish a location for the backup data – the most common locations for backup include redundant servers or cloud-based backup
- Place physical protection around the backup media – keep in mind that data held on backup media, irrespective of the location, should be encrypted, and physical access should be granted on a minimum necessary basis
- Create a schedule that includes full and incremental backup of critical data
- Periodically test the integrity of the backup to ensure that readable copies are being created
- Create a schedule of restoration testing to ensure that the backup data can successfully be recovered
- Limit access to backup data to authorized individuals only
- Periodically investigate new technologies or patches that provide for additional security and efficiencies in the backup solution