Information Technology Reference
In-Depth Information
9
Faculty Reporting System
High
Critical
10
Network Servers
High
Critical
Figure 9.1 List of Assets
The IS auditor, when auditing disaster recovery, will be looking for evidence on how IT op-
erations are being carried out in relation to disaster recovery. The IT function will provide
various documentation including the disaster recovery plan for review by the IS auditor. It
is recommended that the IS auditor carries out further tests by reviewing information gen-
erated by various disaster recovery systems and processes.
The disaster recovery plan is a good source of information when assessing whether the plan
is working or not. The IS auditor would be interested in finding out if the DRP was ap-
proved by management, the composition of the DRP team, contact information for team
members, recovery tests carried out so far, and if the plan is based on best practice such as
an international disaster recovery standard.
Data Backup and Restoration
Enterprises, by virtue of their operations, generate and use vast amounts of data. This data
is vital to the operations of the enterprise such that the data should be available to staff and
customers all the time. Lack of availability of data could mean that the enterprise would
not be able to provide the required services to its customers. In order to ensure that data
is available in the event of a disaster, such as loss of data through deliberate deletion, disk
storage corruption, or infection from viruses, the enterprise should put in place measures
which will enable the enterprise to recover lost data in the shortest possible time.
One of the measures enterprises would develop and implement to secure data is to ensure
that backup of data is done as frequently as possible and also having the ability to restore
the data in the event of a disaster. Ability to restore data is as important as taking backups.
An enterprise needs to ensure that procedures are in place for performing backups as well
as for restoring backups.
There are different types of backup systems which enterprises can use. These range from
simple copy and paste systems to large and complex backup systems used by multinational
corporations. These backup systems have various levels of automation. Some backup sys-
tems are highly automated that they are able to take backups with minimum intervention.
In most desktop and server operating systems, you will find backup utilities which can be
used to backup data generated by the operating system or application software. Backing up
data using these applications would be from disk to disk, disk to tape, and disk to network
Search WWH ::
Custom Search