Exploring Corrective Controls

Archived Backups

Organizations often keep archived data for longer than required because of the low priority placed on disposing of it. Although this might seem like a safe precaution, organizations are required to follow their established policies on the expiration of data (the retention schedule). Straying from the retention policy can increase legal risk should a lawsuit be filed against the organization. Ineffective archival and disposal can result in higher backup storage costs, regulatory and legal fines or penalties, or an expansion of the evidence that is discoverable in a lawsuit.

Nearly all recovery efforts rely on the ability to recover from backup, no matter which media is used to preserve the data or information. As such, business continuity, disaster recovery, backup, and restore capabilities must all work in tandem to ensure an organization's recovery capability.

Recovery Planning Strategies

Retention schedule — A policy that defines how long data items must be kept and provides disposal guidelines for how and when data or information items should be discarded.

Offsite storage facility — A physical location used to securely store an organization's backup tapes.

Tape management system — In mainframe and some client-server environments, software used to manage and monitor an organization's inventory of backup and archival tapes. Additionally, most tape management systems use a console to control the manner in which backups occur.

Recovery resiliency — The ability to recover data or restore information in various adverse situations (for example, a data breach, or emergency recovery after a server error).
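The audit test implied by the Archived Backups section and the retention schedule definition above is to compare the archive inventory against the schedule and flag items kept past their disposal date. The script below is an added example, not course material from The IIA; the retention periods, data classes and tape identifiers are constructed sample values.

```python
from datetime import date, timedelta

# Constructed retention schedule (sample values, not from the course):
# data class -> number of days an archived item must be kept.
RETENTION_SCHEDULE_DAYS = {
    "financial_records": 7 * 365,
    "email": 3 * 365,
    "system_logs": 365,
}

# Constructed archive inventory: (item id, data class, date archived).
ARCHIVE_INVENTORY = [
    ("tape-0001", "financial_records", date(2012, 1, 15)),
    ("tape-0002", "email", date(2019, 6, 1)),
    ("tape-0003", "system_logs", date(2020, 11, 3)),
    ("tape-0004", "marketing", date(2015, 2, 2)),  # class not on the schedule
]


def disposal_due_date(data_class, archived_on, schedule=RETENTION_SCHEDULE_DAYS):
    """Date on which an archived item may be disposed of, or None when the
    schedule defines no retention period for its data class."""
    days = schedule.get(data_class)
    if days is None:
        return None
    return archived_on + timedelta(days=days)


def review_archive(inventory, as_of, schedule=RETENTION_SCHEDULE_DAYS):
    """Classify every archived item against the retention schedule.
    'overdue' holds (item id, days past due) for disposal candidates,
    'retain' holds items still inside their retention period, and
    'unclassified' holds items whose data class the schedule omits (a
    policy gap the auditor should raise, since nothing governs disposal)."""
    result = {"overdue": [], "retain": [], "unclassified": []}
    for item_id, data_class, archived_on in inventory:
        due = disposal_due_date(data_class, archived_on, schedule)
        if due is None:
            result["unclassified"].append(item_id)
        elif due <= as_of:
            result["overdue"].append((item_id, (as_of - due).days))
        else:
            result["retain"].append(item_id)
    return result


def sample_report():
    """Run the review over the constructed inventory as of 2021-01-01."""
    return review_archive(ARCHIVE_INVENTORY, as_of=date(2021, 1, 1))
```

Items in the overdue list are the ones that raise the storage cost and discovery exposure described above; the unclassified list points at data classes the retention schedule itself needs to cover.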

Incident Management

Any exception to normal operation is considered an incident. Incidents typically fall within three categories:
  User error.
  Hardware or software failure.
  Information (cyber) security.

User error is typically resolved through education, whereas hardware and software failures are documented as problems.

When a bad actor is involved, or inappropriate access is granted and then used accidentally, the incident should be properly managed and documented so that the impact to the organization is kept minimal.

Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.