Chapter 15 - 03 - Discuss Data Backup, Retention, and Destruction - 01_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Data Security

Module Flow

01 03
Understand Data Security 494
7:4. ¥ /g”"
’ Discuss Data Backup,
Discuss
and its Importance ' Retention, and
)' ) Destruction

)
O”
02 ’ 04
Discuss Various Data /,,4
/,,. ' //
’ Discuss Data Loss
Security Controls Prevention Concepts

Copyright © by EC M.I, All Rights Reserved, Reproduction
Reproduction sis Strictly Prohibited
Prohibitec

Discuss Data Backup, Retention, and Destruction
Data loss is @ major risk that organizations are facing today. Loss of critical data can result in a
lot of damage to the organization. Any organization that encounters a critical data loss has a
higher probability of facing serious issues later. Therefore, you should have a strong data
backup and retention plan in place to deal with such incidents. The objective of this section is to
explain the concept of data backup, retention, and destruction.

Module 15 Page 1849 Certified Cybersecurity Technician Copyright © by EG-Council
EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

Introduction to Data Backup

Data backup is the process of making a duplicate copy of
critical data, such as physical (paper) and computer records

It is mainly used for two purposes: to reinstate a system
to its normal working state after damage, or to recover
data and information following data loss or corruption

A successful data backup strategy is necessary to avoid
severe damage to an organization’s assets

Copyright
pyrig
Copyright ©© byby Y All Rights
All [
Rights Reserved, Reproduction
Reserved, P
Reproduction isis Strictly
Strictly Y Prohibited,
Prohibited

Introduction to Data Backup
Data backup is the process of copying or storing important data. A backup copy will help you
restore the original data when data is lost or corrupted. Backup is a mandatory process for all
organizations. The process of retrieving lost files from a backup is known as restoring or
recovery of files.

The main idea behind data backup is to protect data and information and recover the same
after data loss. Data backup is mainly used for two purposes: to reinstate a system to its normal
working state after damage, or to recover data and information following data loss or
corruption.

Data loss in an organization affects its finances, customer relationship, and company data. Data
loss in personal computers may lead to the loss of personal files, images, and other important
documents saved in the system.
Reasons for Data Loss

=* Human error: Deletion of data purposefully or accidently, misplacement of data storage
devices, and errors in administering databases.
= Crimes: Stealing or making modifications to critical data in an organization.
= Natural causes: Power failures, sudden software changes, or hardware damages.

= Natural disaster: Floods, earthquakes, fire, etc.

Benefits of Performing a Data Backup

= |t offers access to critical data even in the event of a disaster, ensuring peace of mind in
a workplace.

Module 15 Page 1850 Certified Cybersecurity Technician Copyright © by EG-Council
EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

= Backup of critical data prevents an organization from losing its business. It also helps
them retrieve data anytime.
= Data recovery helps organizations recover lost data and ensure business continuity.
It is recommended that every organization performs a data backup on a regular schedule to run
their business successfully and efficiently.
To avoid severe damage to an organization’s assets, it is important to design a strategy for a
successful data backup process. Going forward, this data backup strategy can act as a blueprint
while working on the data backup process for the entire organization. Certain companies also
create a data backup policy that is required while implementing a backup strategy.

Module 15 Page 1851 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

Data Backup Strategy/Plan

1 2 3 4
e— — | |
e — |[ 1] S —
—
Identifying the Selecting the backup Selecting a backup Selecting the
critical business data media technology appropriate RAID
levels

S 6 Z 8
Selecting an Selecting the backup Choosing the right Conducting a
appropriate backup types backup solution recovery drill test
method

cll. All Rights Reserved. Reproduction
Reproduction iss Strictly Prohibited

Data Backup Strategy/Plan
An ideal backup strategy includes steps ranging from selecting the right data to conducting a
test data restoration drill. Although the backup strategy might differ among organizations, it is
important to consider the following features before drafting a backup strategy:
*= The backup strategy should have a data recovery feature from any external device.
These devices may include servers, host machines, laptops, etc.

= |f the data loss is because of a natural disaster, the backup strategy should not be
restricted to only a certain number of incidents. The strategy should also cover the
methods for recovering the data after a natural disaster.

= The strategy should include the steps to recover data at the earliest.
= The lower the cost for data recovery, the more the financial benefit to the organization.
= Auto recovery options should be included in the backup strategy as well, as they reduce
the chances of human error during the recovery process.

Steps involved in data backup strategy/plan:
1. Identifying the critical business data 5. Selecting an appropriate backup
2 Selecting the backup media method

3.
3. backup technology
Selecting aa backup
Selecting technology Selecting the
6.6. Selecting backup types
the backup types
44 Selecting the appropriate RAID 7. Choosing the right backup solution
levels 8. Conducting a recovery drill test

Module 15 Page 1852 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Certified Cybersecurity
Certified Cybersecurity Technician
Technician Exam 212-82
Exam 212-82
Data Security
Data Security

ing the Backup Media
Selecting
Select

Data backups
Data backups consume
consume aa large
large amount
amount ofof storage
storage
space. Therefore,
space. Therefore, select
select the
the best
best backup
backup method
method
toto meet
meet the
the organization’s
organization’s requirements
requirements

S ——
L All Rights Reserved. Reproductionis Strictly Prohibited

Selecting the Backup Media
Choosing the best backup media is a a common concern within most organization s. The selection
organizations.
of a wrong media device can lead to a segregation of data across different media devices. With
a carefully considered plan, selecting an appropriate media will enable a better level of data
backup.
Once
Once the media to
the data is identified, it is important to choose an appropriate backup media the
store the
to store
data. Backup media selection depends on the type and amount of data in the backup. At times,
data backup consumes a large amount of space; consequently,
consequently, an increased attention isis
organizational needs.
necessary to select the best backup media for a situation, and to fulfill the organizational
Choosing the best backup media is based on the following factors:
== Cost: The
Cost: Organization should have backup storage mediums that best fit their budget. The
backup media should have more storage space than the data it will contain.
== Reliability: Organizations must be able to rely on the data stored on the backup media
backup media
without fail. Organizations must select a media that is reliable and not susceptible to
damage or loss.
=» Speed:
Speed: Organizations
Organizations should select
select backup mediums which require reduced
require reduced number of
human
human interactions
interactions during
during the
the backup process.
process. Speed
Speed becomes concern ifif
becomes aa concern the backup
the backup
process
process cannot completed when
be completed
cannot be machine is idle.
when aa machine
== Availability:
Availability: The
The unavailability
unavailability ofof the
the backup
backup medium could be
medium could an issue
be an data
following data
issue following
loss
loss or
or data
data corruption.
corruption. Organizations
Organizations should
should decide on
decide medium
on aa medium that always
that isis always
available.
available.
== Usability:
Usability: Organizations
Organizations should media that
select aa media
should select easy toto use.
that isis easy An easy
use. An type
media type
easy media
has
has aa greater
greater flexibility
flexibility during
during the
the backup process.
backup process.

Module
Module 1515 Page
Page 1853
1853 Certified Technician Copyright
Cybersecurity Technician
Certified Cybersecurity EG-Gouncil
Copyright © © byby EC-Gouncil
All Rights
All Rights Reserved.
Reserved. Reproduction
Reproduction isis Strictly
Strictly Prohibited.
Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

Examples of Data Backup Media Devices

Several manual disk swaps may be.‘ ‘ required because of the limited ‘ S/
_{
Optical disks ~200 G8
GB = Affordable, easy to store and data capacity (’
('
(DVD)
(DVD) transport i; -y ovo
oyo—
= Recording and verifying a backup
is slow

= Relatively higher storage
Portable hard capacity than optical disks = More expensive than DVD backups
drives/USB flash NoNo limit = Ideal for the home or small
|deal = Less recommended for small
drives offices backups
*= Faster recording of backups

=* Media
Media for
for enterprise-level
enterprise-level o* G
Expensive
Tape drives No limit backups m
[EE
= Easy to store and transport

Examples of Data Backup Media Devices
= Optical Disks (DVD)
DVD recordable disks can store up to ~200 GB of data and are readily available. DVDs
store more data and are available at affordable rates, in bulk if need be. However, they
are not used as much as in the past, as external hard drives are available at reasonable
prices and can store more data than DVDs.
o Advantage:
e Less expensive, easy to store, and transport
o Disadvantage:
e Several manual disk swaps may be required because of the limited data capacity

e Recording and verifying a backup is slow

= Portable Hard Drives/USB Flash Drives

Portable hard drives are considered a better medium for data backup than a DVD. They
are available in high capacities and can also be used for smaller backups. Flash drives are
available in different sizes and have the ability to store large backup files.

RAID is another available hard drive option. It contains two or more hard drives. The
second drive may be used to copy data stored in the first drive. This process allows
important data to be preserved. Any change in the data will be automatically reflected
in all other drives as well.

Module 15 Page 1854 Certified Cybersecurity Technician Copyright © by EG-Gouncil
EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

o Advantages:

Relatively higher storage capacity than optical disks
Ideal for the home or small offices
Faster recording of backups

o Disadvantages:

Expensive than DVD

Less recommended for small backups
= Tape Drives

A Tape drive is considered as the best media for data backup. It facilitates data backup
atane nterprise level. Tape drives are used for storing programs and data. There is no
limit in storage capacity and can be used to store large amounts of data.
o Advantages:
Media for enterprise-level backups
Easy to store and transport
Requires no user intervention

Tape backup is completely automatic
o Disadvantages:

Expensive for home users
Home computers require additional hardware and software updates

Module 15 Page 1855 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.