|
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT-user
The requirements of S 6.32 Regular data backup should generally be observed. The following example demonstrates effective data-backup on a PC.
In accordance with the three-generations principle (three different data backups are made before the first is overwritten), all application data and the configuration data of the used software must be saved, at weekly intervals, on externally storable or externally held data media (floppy disks, removable hard disks, streamer tapes, server). If the data stock to be saved is too voluminous, data backup can be confined to files, the contents of which have changed since the last data backup (incremental backup). In these cases, however, saving of the entire data stock (full backup) must be ensured at the time of every third data backup.
Data backup must be documented; as a minimum, the name of the data medium and the date of the backup is to be recorded, for instance: "BP940518" = backup of 18.05.94. In addition, the parameters selected for data backup must be documented (for documentation, cf. S 2.24 Introduction of a PC Checklist Booklet).
Data backup must be in conformity with the data backup policy, where established (cf. S 6.13 Development of a data backup policy).
If no products are available for easy data backup, system applications such as the DOS command BACKUP can be used. If, with the used program, the data backup can be protected by a password, use should be made of this option. In this case, the password will have to be deposited safely (cf. S 2.22 Depositing of passwords).
Additional controls:
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
Januar 2000 |