Scribd Logo
Carica

Benvenuto in Scribd!

  • Backup Controls

    Caricato da

    abbiecdefg
    282 visualizzazioni12 pagine
    CIS

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PPTX, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    CIS

    Copyright:

    © All Rights Reserved
    Scarica in formato PPTX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    282 visualizzazioni12 pagine

    Backup Controls

    Caricato da

    abbiecdefg
    CIS

    Copyright:

    © All Rights Reserved
    Scarica in formato PPTX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 12

    Backup Controls

    Aira Vicencio
    Marian Samiley

    Backup Controls
    A backup is a duplicate of a file
    Backup is the activity of copying files or databases so that they will
    be preserved in case of equipment failure or other catastrophe.
    Controls provide reasonable assurance that data is backed up and
    management procedures are appropriate.

    Controls may not provide reasonable assurance that data is backed up and
    that data management procedures are appropriate. If controls relating to
    data backup and management are not adequate, it increases the risk that:
    (1) Historical records may be unavailable or inaccurate;
    (2) IS&T personnel may not be able to restore and recover systems in the
    event of an operating incident or erroneous processing;
    (3) The procedures that are followed to archive data may not satisfy legal and
    regulatory requirements; and,
    (4) The procedures followed to manage and control data backups may be
    inferior to controls for on-line data leading to sensitive data being damaged,
    lost, modified or inappropriately disclosed.

    Backup Options/Techniques
    The backup technique to be employed in an organization is
    dependent on the media and file structure.
    1. Grandparent-Parent-Child (GPC) Backup
    2. Direct Access File Backup
    3. Off-site Storage

    Grandparent-Parent-Child (GPC) Backup


    Used in the case of sequential file batch system
    The backup procedure begins, when the current master file (the
    parent), is processed against the transaction file, to produce a new
    updated master (child).
    With the next batch of transaction, the child becomes the parent
    (current master file) and the parent becomes the backup
    (grandparent). The new master file that is updated, becomes the
    child.
    This procedure continues, with each new batch of transactions,
    creating a series or generations of backup files.

    When the desired number of backup copies is reached, the oldest


    backup is erased. In this case, if the current master file is deleted,
    then the same can be processed from the current transaction file.
    Number of backup files needed for each application is depedent on
    two factors
    1) the relative sensitivity or importance of the application to the
    organization
    2) The degree file activity (the number of times the master file gets
    updated)

    Direct Access File Backup


    Data values in direct access files are changed in place through a
    process called destructive replacement
    Once a data value is changed, the original value is destroyed leaving
    only one version (the current version) of the file. To provide backup,
    direct access files must be copied before being updated.
    Real-time systems use timed backup. Transactions processed
    between backup runs will need to be reprocessed after restoration
    of the master file.
    In a batch processing system using direct access files, the master file
    is backed up before the update run.

    The time of direct access back up will depend on the processing


    method being used.
    If the current version of the master file is destroyed through a disk
    failure or corrupted by a program error, it can be recontstructed
    with a specila recovery program from the most current backup file.

    Off-site Storage
    As an added safeguard, backup files created under both the GPC
    and direct access approached should be stored off-site in a secure
    location.

    Audit Objective Relating to Flat0file


    Backup
    Verify that backup controls in place are effective in protecting data
    files from physical damage, loss, accidental erasure, and data
    corruption through system failures and program errors.

    Audit Procedures for Testing Flat-file


    Backup Controls
    Sequential File (GFC) Backup. The auditor should select a sample
    o f systems and determine from the system documentation that the
    number of GFC backup files specified for each system is adequate.
    If insufficient backup versions exist, recovery from some types of
    failures may be impossible.
    Backup Transaction Files. The auditor should verify through
    physical observation that transaction files used to reconstruct the
    master files are also retained. Without corresponding transaction
    files, reconstruction is impossible.

    Direct Access File Backup. The auditor should select a sample of


    applications and identify the direct access files being updated in
    each system. From system documentation and through observation,
    the auditor can verify that each of them was copied to tape or disk
    before being updated.
    Off-Site Storage. The auditor should verify the existence and
    adequacy of off-site storage. This audit procedure may be
    performed as part of the review of the disaster recovery plan or
    computer center operations control.

    Potrebbero piacerti anche