
Exploring Corrective Controls

The secondary purpose is to recover data from an earlier point in time according to a user-defined data retention policy. Typically, this recovery method is configured within a backup application and is based on a time requirement for retention.

Backups and restore procedures represent a simple form of disaster recovery and should be part of a disaster recovery plan (DRP), but backups and restore procedures should not be the only solution during disaster recovery.

Typical Backup Storage

Most organizations use a direct connection and/or mirroring to transfer backup data to an alternative device or site (e.g., a secondary on-premises location or cloud computing).

Typical backup storage media include tape, disk, or replication to an offsite location using internal or external media. The primary goal is to back up systems and data following the 3-2-1 backup rule: keep at least three copies, using at least two different storage media, with at least one copy located at an alternative facility.

If external media (tape, external hard drives, USB) are sent offsite, a courier service is used to transfer the backup media. When the media being transferred hold highly confidential information, the organization may choose to use a more secure courier service, such as an armored car. At the offsite facility, stringent physical security procedures are followed to safeguard the organization's backup media and other artifacts (plans and procedures, forms, portable devices, batteries, etc.).

There are different methods for cycling backups, including electronically storing them at an alternative location, sending them offsite, and/or retaining them onsite on a secondary (mirrored/redundant) server. The method(s) selected depend on the organization and on cost.

Organizations often use direct connections to transfer (backup) data to an alternate server or site (e.g., cloud computing). Recently, as a result of the increase in cyber events, some organizations are re-examining the use of tape to establish air-gapping, an isolation technique whereby the physical backup is disconnected from the network and therefore cannot be reached by an exploit that impacts the rest of the discoverable network.
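The 3-2-1 rule and the air-gapping point above can be checked mechanically against a backup inventory. The following is an added example, not part of the course text: it evaluates a constructed inventory of backup copies for copy count, media diversity, an offsite copy and the presence of an offline (air-gapped) copy. As an assumption of this example, every copy in the inventory, including the production data set, counts toward the three copies.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str      # label for the copy, e.g. "weekly full to tape"
    medium: str    # storage medium type: "disk", "tape", "object-storage", ...
    site: str      # facility where the copy physically resides
    offline: bool  # True when the media is disconnected from the network (air-gapped)


def check_321(copies, primary_site):
    """Return a list of findings; an empty list means the inventory satisfies 3-2-1.

    Assumption of this example: every copy listed (production data included)
    counts toward the "three copies" requirement.
    """
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; the rule requires at least three")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(f"only one storage medium in use ({', '.join(sorted(media))}); "
                        "at least two required")
    offsite = [c for c in copies if c.site != primary_site]
    if not offsite:
        findings.append(f"no copy located away from {primary_site}; "
                        "at least one alternative facility required")
    return findings


def has_air_gapped_copy(copies):
    """True when at least one copy is physically isolated from the network,
    so a compromise of the reachable network cannot alter or destroy it."""
    return any(c.offline for c in copies)


# Constructed sample inventories (not real data).
COMPLIANT = [
    BackupCopy("production volume", "disk", "HQ", False),
    BackupCopy("nightly replica", "disk", "HQ", False),
    BackupCopy("weekly full to tape", "tape", "offsite vault", True),
]
NONCOMPLIANT = [
    BackupCopy("production volume", "disk", "HQ", False),
    BackupCopy("nightly replica", "disk", "HQ", False),
]

if __name__ == "__main__":
    for label, inv in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        issues = check_321(inv, primary_site="HQ")
        print(f"{label}: {'OK' if not issues else issues}; "
              f"air-gapped copy present: {has_air_gapped_copy(inv)}")
```

An auditor reviewing backup methodology (Topic 5 below) can run the same checks over the organization's real inventory export; the findings list maps directly to the three clauses of the rule.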

TOPIC 5: AUDITING RECOVERY PROCESSES

Overview

Internal audit can add value to a company's recovery processes by performing an array of consulting and assessment activities. Reviewing backup processes will encompass evaluation of backup methodologies, as well as the physical and logical security governing the storage of tapes onsite and at the offsite facility.

Overall recovery from disruptions and events will require internal auditors to participate in the organization's disaster recovery drills and assess their overall preparedness.

Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.