Data Recovery Capability

Data Recovery Capability is #19 of the Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines and the fourth of five not directly supported by automated measurement and validation. Cymbel provides professional services in support of all five.

Data Recovery Capability as introduced by the SANS 20 Critical Security Controls:

When attackers compromise machines, they often make significant changes to configurations and software. Sometimes attackers also make subtle alterations of data stored on compromised machines, potentially jeopardizing organizational effectiveness with polluted information. When the attackers’ presence is discovered, organizations without a trustworthy data recovery capability can have extreme difficulty removing all aspects of the attacker’s presence on the machine.

Cymbel can help you meet these standards prescribed by the SANS 20 Critical Security Controls:

  • Ensure that each system is automatically backed up on at least a weekly basis, and more often for systems storing sensitive information. To help ensure the ability to rapidly restore a system from backup, make sure that the operating system, application software, and data on a machine are each included in the overall backup procedure. These three components of a system do not have to be included in the same backup file or use the same backup software. However, each must be backed up at least weekly.
  • Ensure that backups are encrypted when they are stored locally, as well as when they are moved across the network.
  • Backup media, such as hard drives and tapes, should be stored in physically secure, locked facilities.
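
The first two standards can be checked against a backup job catalog. The following is an added example, not part of the SANS text or any Cymbel tooling; the record fields, host names and the one-day limit for sensitive systems are assumptions (the control only says "more often"), and the sample catalog is constructed.

```python
from datetime import datetime, timedelta

COMPONENTS = ("os", "application", "data")  # the three parts the control names
WEEKLY = timedelta(days=7)                  # "at least a weekly basis"
SENSITIVE = timedelta(days=1)               # assumption: the control only says "more often"

def audit(hosts, catalog, now):
    """Return {host: [findings]} for every host that misses the control."""
    findings = {}
    for host, sensitive in hosts.items():
        max_age = SENSITIVE if sensitive else WEEKLY
        problems = []
        for comp in COMPONENTS:
            jobs = [j for j in catalog
                    if j["host"] == host and j["component"] == comp and j["ok"]]
            if not jobs:
                problems.append(f"{comp}: no successful backup")
                continue
            latest = max(jobs, key=lambda j: j["finished"])
            age = now - latest["finished"]
            if age > max_age:
                problems.append(f"{comp}: last backup {age.days}d old")
            if not latest["encrypted_at_rest"]:
                problems.append(f"{comp}: stored unencrypted")
            if not latest["encrypted_in_transit"]:
                problems.append(f"{comp}: transferred unencrypted")
        if problems:
            findings[host] = problems
    return findings

# Constructed sample data: host -> stores sensitive information?
NOW = datetime(2024, 1, 15, 12, 0)

def job(host, comp, days_ago, rest=True, transit=True, ok=True):
    return {"host": host, "component": comp, "ok": ok,
            "finished": NOW - timedelta(days=days_ago),
            "encrypted_at_rest": rest, "encrypted_in_transit": transit}

HOSTS = {"web01": False, "db01": True, "file01": False}
CATALOG = [
    job("web01", "os", 2), job("web01", "application", 3), job("web01", "data", 1),
    job("db01", "os", 0), job("db01", "application", 0), job("db01", "data", 3),
    job("file01", "os", 9), job("file01", "application", 1, ok=False),
    job("file01", "data", 1, rest=False),
]

if __name__ == "__main__":
    for host, problems in audit(HOSTS, CATALOG, NOW).items():
        print(host, problems)
```

Failed jobs are ignored when picking the latest backup, so a host whose only recent job failed is reported as having no backup for that component. Physical storage of media, the third standard, is outside what a catalog can show.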