Measures to reduce security threats
- general controls
Contingency planning
- It is desirable for an organisation to prepare for a major disaster. This is called a
"contingency plan" and its purpose is to enable the organisation to process data
while computer equipment is being replaced and computer files are being reconstructed.
- Elements in the disaster plan include alternative methods of data collection, the use of
alternative computer equipment, the use of backup computer files, and temporary distribution of
information.
- With respect to data corruption, data-file and database backup plans are devised, and
backup, recovery and emergency procedures exist.
For example:
- Grandfather-father-son: typically used with sequential systems.
- Fall back and recovery: periodically the contents of files are copied onto a backup
medium. If files are destroyed, the contents are reconstructed from the backup plus the
transaction log or file.
With respect to possible hardware failure:
- Backups of all master files are taken at appropriate intervals (perhaps every Friday
night, perhaps with every update). This may not be a full copy of the file but just those
changes which have been made since the last backup.
- Copies of transaction files are kept for a given length of time, e.g. 4 weeks.
- Lists of master file information may be printed regularly and held in the safe (i.e. on
hardcopy).
- Different generations of important files are kept in different places - eg first level,
a safe in the computer room, second level, a safe in the main office, third level, a safe
in the building across the road.
NB: this must be well documented so the correct transactions are matched
against the correct master when the recovery runs are under way - and none of this is any
use unless the door to the fireproof safe is actually shut.
- In on-line, real-time processing, actual duplicate copies of the master file may be
necessary, with the duplication being enacted every 5 minutes, and every transaction in
the meantime being logged; major users would even have 2 processors capable of acting -
the second picking up automatically if the first goes down.
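A worked illustration of the fall back and recovery scheme above, together with the retention of three backup generations (grandfather, father, son) and the NB about matching transactions to the correct master; this is added example code, not part of the original notes. It models the master file as an in-memory dictionary of account balances and the transaction log as an append-only list, tags each backup with the log sequence number it covers and a hash, and replays only later transactions on recovery; all names and sample data are constructed.

```python
import hashlib
import json
from collections import deque


class MasterFile:
    """Constructed model: master file + transaction log + three backup generations."""

    def __init__(self):
        self.records = {}                    # account -> balance (the master file)
        self.log = []                        # append-only: (seq, account, delta)
        self.generations = deque(maxlen=3)   # [son, father, grandfather]

    def apply(self, account, delta):
        """Post one transaction: log it first, then update the master."""
        seq = len(self.log) + 1
        self.log.append((seq, account, delta))
        self.records[account] = self.records.get(account, 0) + delta
        return seq

    @staticmethod
    def _digest(records):
        # Hash of the backup contents so a damaged copy is detected before use.
        return hashlib.sha256(json.dumps(records, sort_keys=True).encode()).hexdigest()

    def take_backup(self):
        """Periodic full copy. It records the log sequence number it covers so
        recovery can match exactly the right transactions against it."""
        snap = {"seq": len(self.log), "records": dict(self.records)}
        snap["digest"] = self._digest(snap["records"])
        self.generations.appendleft(snap)    # newest becomes son; oldest drops off
        return snap

    def recover(self, generation=0):
        """Fall back to a generation (0 = son, 1 = father, 2 = grandfather) and
        replay only the transactions logged after that backup was taken."""
        snap = self.generations[generation]
        if self._digest(snap["records"]) != snap["digest"]:
            raise ValueError("backup copy is corrupt; fall back to an older generation")
        rebuilt = dict(snap["records"])
        for seq, account, delta in self.log:
            if seq > snap["seq"]:            # skip transactions already in the backup
                rebuilt[account] = rebuilt.get(account, 0) + delta
        self.records = rebuilt
        return rebuilt


def demo():
    """Constructed run: two backups, a destroyed master, recovery from each generation."""
    mf = MasterFile()
    mf.apply("A", 100); mf.apply("B", 50); mf.take_backup()   # backup covers seq 2
    mf.apply("A", -30); mf.take_backup()                      # backup covers seq 3
    mf.apply("B", 25)                                         # logged, not yet backed up
    mf.records = {}                                           # simulate lost master file
    return mf.recover(0), mf.recover(1), mf
```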
Definitions of Backup, fallback, recovery
Backup:
Relating to procedures, equipment or data available in the event of failure or
overloading.
Fall-back:
Backup systems brought into use in an emergency situation, especially the reserve database
and programs that would be switched in quickly, or even automatically, in the event of a
detected fault in a real-time system.
Recovery:
Re-instating backup after an error or failure has occurred.
[Rev: 24/9/98] 3/9/97 © 1996-98 V/2-Com
(Verhaart), P O Box 8415, Havelock North, New Zealand.