S 6.34 Determining the factors influencing data backup

Initiation responsibility: IT Security Management

Implementation responsibility: Administrator; staff responsible for the individual IT applications

The following influential factors must be determined for each IT system, possibly even for each individual IT application of particular significance. The system administrators and persons-in-charge of the various IT applications can be interviewed for this purpose. The results are to be comprehensibly documented.

The following theoretical example is to demonstrate how the influential factors can be determined in practice. This example involves a server-based LAN with 10 PC's connected as workstations. The IT system is used for processing orders with the help of a database. The application data are stored centrally on the network server.

The following individual items need to be established:

Specifying the data to be backed up

The data stock of the IT system (IT application) required to perform the specialised task must be determined. This includes the application and operational software, system data (e.g. initialisation files, macro definitions, configuration data, text blocks, password files, access-right files), the application data as such and the protocol data (log-ins, security violations, data transmissions).

Sample result 1: Specifying the data to be backed up

IT system: Server-based LAN with 10 connected PC's

Data to be backed-up:

• Software: Network operating system, PC operating systems, word processing software, database software etc. in the form of standard software

• System data:

On the network server: System-internal settings (e.g. authorisation structure, passwords)

On the PC's: Initialisation data of the word processing and database software, macro definitions and text blocks

• Application data on the network server: Files of written correspondence, customer database

• Protocol data on the network server: Logs of network activities

Data availability requirements of the IT applications

The availability requirements for the data stated in the first step must now be stipulated. A proven standard here is the maximum permissible downtime (MPD). It specifies the time period during which the specialised task can be performed without the availability of these data and without the need for resorting to backup copies. Consideration must also be given as to whether paper usage would allow short- term continuation of operations without IT support.

Sample result 2: Availability requirements

• Software: MPD 1 day

• System data:

On the network server: MPD 1 day

On PC's: MPD 1 week (a PC can be dispensed with for up to one week)

• Application data:

Files of written correspondence: MPD 1 week

Customer database: MPD 1 day

• Protocol data: MPD 3 days

Effort required for data reconstruction without data backup

To develop an economically efficient data backup policy, it is necessary to know whether, and how easily, destroyed databases could be reconstructed if backup data were not available. The sources from which the data could be reconstructed should be examined. Examples include documented files, printouts, microfiche, interviews and surveys.

The financial or operational effort required by a data registration crew should be calculated in terms of working days (WD).

Sample result 3: Reconstruction requirement

Software:

Retrieval through purchase and subsequent installation within 24 hours (provided original software is no longer available)

System data:

On the network server: manual reconstruction: 1 WD

On PC's: 1 WD

Application data:

Files of written correspondence: Selective registration on paper: 10 WD; (complete registration of written correspondence is not necessary)

Customer database: Complete registration on paper: 10 WD

Protocol data: Cannot be reconstructed, as no printout on paper is possible

Data volumes

A decisive factor in determining selection of the storage medium is the volume of data to be backed up. The required specification is based purely on the data to be backed up and is stated in megabytes (MB).

Sample result 4: Data volumes

Software: 100 MB

System data:

On the network server: 2 MB

On PC's: 0.3 MB

Application data:

Files of written correspondence: 100 MB

Customer database: 10 MB

Protocol data: 10 MB (weekly check in addition to erasure)

Modification volumes

To establish the frequency of data backup and an adequate backup procedure, the volume of data which is modified over a certain time period must be known. MB/week can conceivably be used as units here. Statements are also necessary as to whether the contents of existing files change or whether new files are generated .

Sample result 5: Modification volumes

Software: An average of 50 MB on version replacement, once a year at most

System data:

On the network server: 0,1 MB/week

On PC's: 0,1 MB/week

Application data:

Files of written correspondence: 1 MB/week generated by new files

Customer database: 10 MB/week generated by changes in the database (the data base can only be saved in its entirety).

Protocol data: 10 MB/week

Modification times

In some IT applications, data modifications take place only at certain times, e.g. bookkeeping at the end of the month. In such cases, data backup is only useful immediately after these points in time. For this reason, it should be specified as to whether the data to be backed up is modified daily, weekly or at other intervals.

Sample result 6: Modification times

Software: Modification only on a change of version

System data: Frequent modifications

Application data:

Files of written correspondence: Daily modifications

Customer database: Daily modifications

Protocol data: Continuous modifications

Deadlines

It should be clarified as to whether certain deadlines must be observed for the data. This can involve storage or deletion deadlines relating to person-related data. These deadlines must be considered when laying down the data backup policy.

Sample result 7: Deadlines

Software: Storage not necessary

System data: Storage not necessary

Application data:

Files of written correspondence: storage period for accounting documents is six years (§257 HGB), an annual data backup should be stored for this period

Customer database: Storage not necessary; deletion deadlines are to be observed in accordance with Federal Data Privacy Laws (§ 20 and § 35)

Protocol data:

After weekly evaluation of the protocol data, 2 MB must be stored regularly for one year or until checks are conducted by the Data Privacy Officer.

Confidentiality requirements

The confidentiality requirement of a file also applies to any backup copy. When adding backup copies with the same confidentiality requirement on to one data medium, this can result in an increased confidentiality requirement of the data stored. Consequently, specifications must be made as to the confidentiality requirements of the individual data blocks needing backup, as well as the data combinations which have a higher degree of confidentiality than the original data.

Sample result 8: Confidentiality requirements

Software:

Low confidentiality requirement as these are publicly available data, only copyright regulations must be observed

System data:

On the network server: medium-level confidentiality (passwords are stored in the encrypted form)

On PC's: Not confidential

Application data:

Files of written correspondence: Individual files are of medium-level confidentiality; all the data together are of high-level confidentiality

Customer database: High-level confidentiality

Protocol data:

High-level confidentiality (data disclosing personality profiles)

Integrity requirements

Data backups must ensure that data are stored integrally and not modified during the period of storage. The importance of this increases with the integrity requirements of the data in question. The integrity requirements of the data to be backed up must therefore be stated.

Sample result 9: Integrity requirements

Software: The software must meet high integrity requirements

System data:

On the network server: High-level integrity requirements (due to rights administration)

On PC's: High-level integrity requirements

Application data:

Files of written correspondence: Individual files have medium-level integrity requirements

Customer database: High-level integrity requirements

Protocol data:

Before evaluation, these data have high-level integrity requirements; following evaluation, the data still requiring storage have medium-level integrity requirements

Knowledge and data-processing competence of IT users

To determine whether IT users, specially appointed employees or the system administrators are to carry out data backups, the knowledge and data processing capabilities of IT users as well as the tools available to them must be given primary consideration. If the time required by IT users for carrying out data backups is too long, this should be stated.

Sample result 10: Knowledge

Network administrators possess sufficient knowledge to carry out data backups on network servers. IT users of PC's possess sufficient knowledge and competence to independently perform backups of the PC system data.

Additional controls:

• Are system administrators as well as IT users considered during the determination of influential factors?

• How are these stipulations updated?

• Are new requirements incorporated promptly in the updating of the data backup policy?