2.3 : Protecting Stored Information and Backup Flashcards
In what form do information systems store information?
Primarily in the form of databases and flat files
How is stored information protected?
- Access controls
- Access logging
Protection of backup media
Always encrypt backup media so that the data it contains cannot be easily retrieved by a third party if the media is lost.
Where to store backup media
For disaster protection, backup media should be stored at a location away from the original data.
Security of the off-site storage facility
Should be as good as the security in the original location, so that protected information is not more vulnerable at the off-site facility.
Why should the organization occasionally test backup media and data restoration software?
To make sure that data is actually being backed up onto the backup media and that it can be retrieved.
Inventory of backup media
A periodic inventory of all backup media, including media at the off-site location, should be performed. The result of each inventory should be recorded and any anomalies corrected.
Loss of one or more backup media during an inventory
- If the lost media is encrypted, document it.
- If the lost media is not encrypted, it should be considered a security incident.
What is patch management?
An IT operational process whereby security and functionality patches are OBTAINED, TESTED, and INSTALLED on information systems.
What is the purpose of patch management?
To keep systems running on currently supported vendor software and to ensure that all known security vulnerabilities are closed and software defects fixed.
What needs to take place after an organization chooses to install only the most important patches and not all patches?
A security analyst will need to perform a risk analysis each time a security patch is released so that a formal determination of need can be established.
What is recommended for patches before installing them?
Organizations should first test patches in test environments prior to installing them on production systems.