
Exploring Corrective Controls

            Middleware is software that acts as a bridge between an operating system or database and
            applications, especially on a network.

            Backup Processing

            Backup processing refers to the copying and archiving of computer software, configuration,
            reporting repositories, and data so it may be used to restore the original versions after an outage,
            system failure or correction, or a data loss event. Examples include restoring one or more files, folders,
            databases, configuration parameters, operating systems, and/or application system software.

            Note: The heart of any successful DRP is a comprehensive backup strategy and routinely tested
            restorative procedures.

            Types of Backups

            The type of backup is directly related to its purpose.

            Disaster Recovery: A backup for pure disaster recovery would include a full disk backup. Such a
            backup process would not be readily usable for a simple file restore but provides a fast and timely
            recovery to restore a full disk. Full disk backup is the process of backing up all data contained on a disk
            drive.

            File Restoration: A backup for a file restore would include backing up one file at a time, and is fairly
            time intensive as compared to a full disk backup. Such a backup process is readily usable for
            performing a file restore, but not a full disk restore.

            Archiving: Backups for archiving must also include the operating system (OS) and application
            version that the data is backed up from, such that a restore for older, archived data would include
            both the application and the data. An archive may also require backing up the existing operating
            system (OS), as it could be customized specifically for the application version archived.

            Note: Many organizations utilize cloud-based backups, mirroring, and Disaster Recovery as a Service
            (DRaaS), for critical systems that require minimal downtime.

            Backup Frequency

            The frequency of backup varies based on a combination of the RTO and RPO determined during the
            BIA, along with the corporate retention and destruction policy. For example, if data changes
            occur infrequently, and the RPO reflects some data loss as acceptable and the RTO reflects daily,
            then backups will most likely take place nightly. However, systems that have low tolerance for data
            loss and downtime may select mirroring or Disaster Recovery as a Service (DRaaS) to ensure quick
            recovery, if needed.
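
One way to test whether an actual backup schedule honors the RPO set in the BIA is to measure the longest window in which changes existed only on the live system. The following is an added example, not part of the original course text; the system names, RPO values, timestamps, and function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample catalog: system -> (RPO, completed backup times). Not real data.
CATALOG = {
    "hr-files": (timedelta(hours=24), [
        datetime(2021, 3, 1, 1, 0), datetime(2021, 3, 2, 1, 0),
        datetime(2021, 3, 3, 1, 0)]),
    "payments-db": (timedelta(hours=1), [  # low tolerance to data loss
        datetime(2021, 3, 2, 22, 0), datetime(2021, 3, 3, 1, 0)]),
    "archive": (timedelta(hours=24), [     # one nightly run was missed
        datetime(2021, 3, 1, 1, 0), datetime(2021, 3, 3, 1, 0)]),
}


def worst_exposure(backups, now):
    """Largest gap between consecutive backups, or from the last backup to now."""
    if not backups:
        return None  # no completed backup: the exposure is unbounded
    points = sorted(backups) + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))


def rpo_findings(catalog, now):
    """Return {system: finding} for each system whose exposure exceeds its RPO."""
    findings = {}
    for system, (rpo, backups) in catalog.items():
        exposure = worst_exposure(backups, now)
        if exposure is None:
            findings[system] = "no completed backup on record"
        elif exposure > rpo:
            findings[system] = f"exposure {exposure} exceeds RPO {rpo}"
    return findings


if __name__ == "__main__":
    as_of = datetime(2021, 3, 3, 9, 0)  # constructed review time
    for system, finding in rpo_findings(CATALOG, as_of).items():
        print(f"{system}: {finding}")
```

A finding for a system such as the constructed payments-db entry indicates that a periodic schedule cannot meet its RPO, which is the case where the text points to mirroring or DRaaS.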




            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.