Hello and welcome back to IT Security Policy training here on Cybrary.
This is still part of Module 2. This is the data backup policy with Troy Lemaire.
So the learning objective for this data backup policy is looking at the direction, the schedule and the testing of the data backup policy.
But we're gonna look at this template that was created by HealthIT.gov.
The purpose is establishing and implementing policies and procedures for backing up all data to ensure recoverability in case of a damaged system.
Policy applies to all employees and affiliates,
and the practice, or the company, under the direction of the security officer, shall implement a backup plan to create and maintain retrievable copies of PHI. If you don't have PHI within your organization, you can just say exact copies of systems.
But this is where it goes into the actual scheduling that they're looking for. At the conclusion of each day, Monday through Friday, an incremental backup of all servers shall be backed up to tape. If you don't use tape and you have digital offsite or onsite, you would want to fill it in with that information. Saturdays would be a full backup. So you'd want to look at this and put it
into the context of the schedule that you want to have within your organization.
Then you have: one month of backup data will be maintained at all times in a remote location.
Backup media no longer in service will be disposed of in accordance with the disposal of
external media and hardware policy.
The security officer shall monitor storage and removal of backups and ensure all applicable access controls are enforced.
And the security officer shall test backup procedures on an annual basis to ensure that exact copies of the data can be retrieved and made available.
So in regards to this policy, the things you again want to look at are: what are your schedules that you have for your backup?
What is your media that you're using, whether it's tape or it's electronic?
How long do you want to keep the data to have as an archive?
And then the monitoring and storage of the backup, and then what are gonna be your testing procedures that you're gonna have
where you test to make sure these backups are actually good and able to be used.
Again, same policy compliance: the security team's gonna verify the compliance,
exceptions must be approved in advance.
And then any employee found violating policy could be subject to disciplinary action up to and including termination of employment.
In summary, in today's lecture we talked about direction, schedule and testing of the data backup policy.
Quick recap question: under the direction of whom should the data backup plan be implemented?
And that would be the security officer or whoever is designated as the person that is going to be responsible for making sure this plan is implemented.
Another recap question: how often should the backup procedures be tested, at a minimum?
I think everybody would agree that annually is a good time frame to have as a minimum. You could also make it less than that:
every six months, every month, whatever the case may be to be applicable in your organization.
In our next lecture, we're gonna look at more general policies. The email security policy will be next.
And, as always, for questions or clarification,
Cybrary message me. My user name is at Troy Lemaire, and thank you for attending this Cybrary training.