Time
2 hours 23 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
Hello and welcome back to I t Security Policy training here on Cyber Eri.
00:04
This is still part of macho to this is the data backup policy with Troy Lemaire.
00:11
So the learning objective for this data backup policy is looking at the direction, the schedule and the testing of the data backup policy.
00:21
But we're gonna look at this template that was created by health fatigue dot gov
00:26
purposes establishing implement policies and procedures for backing up all data to ensure recover ability in case of a damaged system.
00:33
Policy applies to all employees and affiliates
00:36
and the practice Are the company on the direction of security Officer shall implement a backup plan to create maintain retrievable copies of pH. I. If you don't have pH I within your organization, you can just say exact copies of systems.
00:49
But this is where it goes into the actual scheduling that they're looking for. The conclusion of each day Monday through Friday in incremental backup of all servers shall be backed up to tape. If you don't use tape and you have digital offside or onside, you would want to fill it with that information. Saturdays would be a full backup So you'd want to look at this and put it in
01:07
to the context of your schedule that you want tohave within your organization.
01:11
Then you have one month of backup. Data will be maintained at all at all times in a remote location.
01:18
Back of me is no longer in service. Will be. Suppose up with the disposal of
01:22
external median hardware policy
01:26
Security officer shall monitor storage removal backups and ensure our all AP pickle access, controls and force.
01:33
And the suit officer shall test back a procedure on an annual basis ensure the exact copies of the data can be retrieved and made available.
01:41
So in regards to this policy, the things you again you want to look at is what, here, your schedules that you have for your backup.
01:47
What is your media that you're using? Whether it's tape or it's Elektronik,
01:52
how long you want to keep the data to have as an archive
01:57
and then the monitoring and storage of the backup, And then what is gonna be your testing procedures that you're gonna have
02:04
where you test make sure these backups are actually good and able to be used
02:12
again? Same policy compliance the SEC teams gonna verify the compliance,
02:17
exceptions must be approved in advance.
02:20
And then any employee found violating policy could be subject to disciplinary action up to and including termination of employment.
02:29
In summary. Today's reflector We talked about direction, schedule and testing of the data backup policy.
02:37
Quick recap question under direction of whom should have data backup plan be implemented,
02:43
and that would be the security officer or who has ever is designated as the person that is going to be responsible for making sure this plan is implemented?
02:53
Other recap. Question. How often should the back of procedures be tested? At a minimum,
02:58
I think everybody would agree that annually is a good time frame, tohave it as a minimum. You could also make it less than that
03:05
every six months, every month. Whatever the case may be to be a pickle in your organization.
03:13
Our next lecture, we're gonna look at more general policies. The email security policy will be next
03:19
and, as always, questions a clarification
03:22
ivory message. My user name is that Troy Lemaire and thank you for attending this side. Very training

Up Next

Introduction to IT Security Policy

Introduction to IT Security Policy, available from Cybrary, can equip you with the knowledge and expertise to be able to create and implement IT Security Policies in your organization.

Instructed By

Instructor Profile Image
Troy LeMaire
IT Security Officer at Acadian Ambulance
Instructor