In this space, we have covered different ways to build an Information Security program using a defense-in-depth approach. The previous articles identified ways to protect your program quickly and significantly, as well as how to plan for better security in the future. Unfortunately, zero-day attacks, nation-state and APT actors, human error, and IT sprawl continually add complexity, cost, and chaos to protecting your environment.
If the protections that have been put in place fail, the final stopgap in protecting the business is your Business Continuity (BC), Disaster Recovery (DR), and Incident Response Plan (IRP).
As these plans are created, keep in mind the recovery time objective (RTO) and recovery point objective (RPO). RTO is the maximum length of time within which an organization expects to return to normal operations after an outage. RPO, on the other hand, is the maximum amount of data loss the organization can handle.
- Business Continuity focuses on keeping an organization operational during a disaster
- Disaster Recovery focuses on restoring data access and IT infrastructure
- Incident Response Plan covers everything you would do in an incident, kept in a form that is accessible when systems are down, such as redundant, encrypted USB drives.
The next steps should include identifying critical data and systems that need to be protected, determining the appropriate method for backing up these systems, and setting a routine schedule for creating and testing backups.
There are many different types of backups that can be performed, depending on how long the data will be stored, how quickly it would need to be recovered, and the RTO/RPO.
Cloud backup systems typically offer 3 tiers of backup sites based on how they are prepared and how quickly they need to be operational. An ‘air-gapped’ backup is completely disconnected from the network so that it is not impacted by any disaster.
Now that you have a plan and backups are being performed, there’s still the final step of routine testing of backup files to ensure that you can restore essential data when it’s needed.
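One way to automate the routine restore test described above, measured against the RTO and RPO defined earlier. This is an added example, not code from the original article. The system names, file names, objectives, and the idea of recording a SHA-256 manifest at backup time are assumptions, and the sample data is constructed.

```python
import hashlib
from datetime import datetime, timedelta

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_system(s: dict, now: datetime) -> list[str]:
    """Return findings for one system's most recent backup and restore test."""
    findings = []
    # RPO: anything written since the last backup is lost if we restore now.
    age = now - s["last_backup"]
    if age > s["rpo"]:
        findings.append(f"RPO exceeded: last backup {age} old, limit {s['rpo']}")
    # RTO: the timed restore test must fit inside the recovery window.
    if s["restore_took"] > s["rto"]:
        findings.append(f"RTO exceeded: restore took {s['restore_took']}, limit {s['rto']}")
    # Integrity: each file must come back byte-for-byte as it was backed up.
    for path, expected in s["manifest"].items():
        data = s["restored"].get(path)
        if data is None:
            findings.append(f"missing after restore: {path}")
        elif sha256(data) != expected:
            findings.append(f"hash mismatch after restore: {path}")
    return findings

def audit(systems: dict, now: datetime) -> dict:
    return {name: check_system(s, now) for name, s in systems.items()}

# Constructed sample data (hypothetical systems, file names and objectives).
NOW = datetime(2024, 1, 10, 12, 0)
LEDGER, CONFIG = b"ledger rows 1-500", b"listen=443"
SYSTEMS = {
    "billing-db": {
        "rpo": timedelta(hours=4), "rto": timedelta(hours=2),
        "last_backup": NOW - timedelta(hours=3), "restore_took": timedelta(minutes=50),
        "manifest": {"ledger.dat": sha256(LEDGER)},
        "restored": {"ledger.dat": LEDGER},
    },
    "file-share": {
        "rpo": timedelta(hours=24), "rto": timedelta(hours=8),
        "last_backup": NOW - timedelta(hours=30), "restore_took": timedelta(hours=9),
        "manifest": {"app.conf": sha256(CONFIG), "users.csv": sha256(b"alice,bob")},
        "restored": {"app.conf": b"listen=44"},  # truncated file, users.csv absent
    },
}

if __name__ == "__main__":
    for name, findings in audit(SYSTEMS, NOW).items():
        print(name, "OK" if not findings else findings)
```

A restore that completes without error can still return truncated or missing files, which is why the check compares restored content with hashes recorded at backup time instead of trusting the backup job's exit status.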