Module 9: Data Protection & Recovery

Glossary of Terms

A comprehensive approach to securing information from corruption, compromise, or loss, ensuring its confidentiality, integrity, and availability.

The different forms data can be in. Data at Rest is stored data, Data in Transit is data moving across a network, and Data in Use is data being processed by an application.

The process of converting data into a coded format (ciphertext) that can only be read with a specific key. Symmetric encryption uses one key for both encryption and decryption, while Asymmetric encryption uses a public key to encrypt and a private key to decrypt.

A one-way process that transforms data into a fixed-size string of characters. It's used to verify data integrity and store passwords securely.

The process of replacing sensitive data with a non-sensitive equivalent, referred to as a "token," that has no extrinsic or exploitable meaning or value.

The concept that digital data is subject to the laws of the country in which it is physically located.

The ability to anticipate, withstand, recover from, and adapt to adverse cyber events and disruptions.

A system design approach that ensures an agreed level of operational performance, usually uptime, over a longer-than-normal period. It relies on redundancy to eliminate single points of failure.

Distributing network or application traffic across multiple servers to ensure no single server becomes a bottleneck, improving responsiveness and availability.

A group of servers that work together as a single system to provide high availability. If one server fails, another in the cluster takes over its workload.

The process of creating a copy of data that can be recovered in the event of a primary data failure. Types include Full, Incremental, and Differential.

A documented, structured approach with instructions for responding to unplanned incidents. It focuses on restoring IT systems and data.

The maximum acceptable length of time that a system can be down after a failure or disaster occurs. It answers the question: "How quickly do we need to be back up?"

The maximum acceptable amount of data loss an organization can tolerate. It answers the question: "How much data can we afford to lose?"

A data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both.

Data Protection & Resilience

The Pillars of Data Protection

Effective data protection is built upon ensuring three core principles, often called the CIA Triad.

  • Confidentiality: Preventing the unauthorized disclosure of information. Key tools include encryption and access controls.
  • Integrity: Maintaining the accuracy and consistency of data over its entire lifecycle. Key tools include hashing and file integrity monitoring.
  • Availability: Ensuring that data is accessible and usable upon demand by an authorized user. Key tools include redundancy, backups, and high-availability systems.

Data Classification & Types

Not all data is created equal. To protect it properly, you must first understand what you have. Data is classified based on its sensitivity.

  • Public: Information intended for public consumption.
  • Confidential/Restricted: Information that would cause harm to the organization if disclosed.
  • Sensitive/Private: Highly sensitive personal data (PII, PHI) protected by regulations like GDPR and HIPAA.
  • Critical: Data essential for the survival and operation of the organization.

Building Cyber Resilience

Resilience is about more than just preventing attacks; it's about being able to withstand and recover from them. This is built into the security architecture.

  • High Availability (HA): Uses redundancy to eliminate single points of failure. This is often achieved through:
    • Load Balancing: Spreads traffic across multiple servers. If one server fails, the load balancer redirects its traffic to healthy servers.
    • Clustering: Groups servers together to act as a single system. If one "node" in the cluster fails, another takes over its processes seamlessly.
  • Platform Diversity: Using different hardware or software platforms for primary and backup systems to prevent a single vulnerability from affecting both.
  • Multi-Cloud Systems: Distributing applications across multiple cloud providers to avoid a single point of failure if one provider has an outage.
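The failover behaviour described under Load Balancing can be seen in a small simulation. The following Python code is an added example, not part of the original module: it models a round-robin load balancer that ejects a backend when a request to it fails and retries the request on a healthy server. The `Backend` and `LoadBalancer` classes and the `simulate` function are constructed for illustration; a real load balancer would use network health checks rather than an in-memory flag.

```python
import itertools


class Backend:
    """Constructed stand-in for a server; `healthy` is toggled to simulate an outage."""

    def __init__(self, name, healthy=True):
        self.name = name
        self.healthy = healthy
        self.served = 0

    def handle(self, request):
        if not self.healthy:
            raise ConnectionError(f"{self.name} is down")
        self.served += 1
        return f"{self.name}:{request}"


class LoadBalancer:
    """Round-robin over backends, skipping any that have been marked unhealthy."""

    def __init__(self, backends):
        self.backends = list(backends)
        self.down = set()                      # names of ejected backends
        self._rr = itertools.cycle(range(len(self.backends)))

    def health_check(self):
        """Active health check: refresh the set of unhealthy backends."""
        self.down = {b.name for b in self.backends if not b.healthy}

    def route(self, request):
        """Send the request to the next healthy backend; eject and retry on failure."""
        for _ in range(len(self.backends)):
            backend = self.backends[next(self._rr)]
            if backend.name in self.down:
                continue
            try:
                return backend.handle(request)
            except ConnectionError:
                self.down.add(backend.name)    # passive check: eject on failure
        raise RuntimeError("no healthy backends available")


def simulate(failure_after=None, requests=9):
    """Route `requests` requests across three backends; web1 fails at index `failure_after`.

    Returns the list of responses and a per-backend count of requests served.
    """
    backends = [Backend("web1"), Backend("web2"), Backend("web3")]
    lb = LoadBalancer(backends)
    responses = []
    for i in range(requests):
        if i == failure_after:
            backends[0].healthy = False        # simulate web1 crashing mid-run
        responses.append(lb.route(f"req{i}"))
    return responses, {b.name: b.served for b in backends}


if __name__ == "__main__":
    print(simulate())                          # traffic spread evenly
    print(simulate(failure_after=3))           # web1 ejected, others absorb its load
```

With no failure each backend serves three of the nine requests; when web1 fails before the fourth request, every request still gets a response and web2 and web3 absorb the remaining load, which is the single-point-of-failure elimination the passage describes.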

Backup & Recovery

Backup Strategies

A robust backup strategy is the foundation of data recovery. Key strategies include:

  • Backup Types:
    • Full Backup: A complete copy of all data. It is the most complete but also the most time- and storage-intensive.
    • Incremental Backup: Backs up only the data that has changed since the *last backup* (of any type). Restores require the last full backup plus all subsequent incremental backups.
    • Differential Backup: Backs up only the data that has changed since the *last full backup*. Restores are faster than incremental, requiring only the last full backup and the last differential backup.
  • The 3-2-1 Rule: A widely accepted best practice.
    • Keep at least 3 copies of your data.
    • Store the copies on 2 different media.
    • Keep 1 copy offsite.
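The trade-off between incremental and differential backups (less data copied each day versus a shorter restore chain) is easiest to see by running both policies over the same changes. The Python below is an added example, not code from the original module: it simulates a day-0 full backup followed by daily incremental or differential backups over a constructed four-day change history, computes the minimal restore chain for each policy, replays it, and checks the result against the live data. Each backup set also carries a SHA-256 digest that the restore verifies first, illustrating the hashing-for-integrity point from the CIA Triad section. `DAILY_CHANGES` and all function names are constructed for this illustration.

```python
import hashlib
import json

# Constructed sample history: what changed in a small file set at the end of
# each day. A value of None means the file was deleted that day.
DAILY_CHANGES = [
    {"a.txt": "A0", "b.txt": "B0", "c.txt": "C0"},  # day 0: initial content
    {"a.txt": "A1"},                                  # day 1: a.txt modified
    {"d.txt": "D2"},                                  # day 2: d.txt created
    {"b.txt": "B3", "c.txt": None},                   # day 3: b.txt modified, c.txt deleted
]


def apply_changes(state, changes):
    """Return a new file-set state with one day's changes applied."""
    new_state = dict(state)
    for name, content in changes.items():
        if content is None:
            new_state.pop(name, None)
        else:
            new_state[name] = content
    return new_state


def diff(old, new):
    """Files added or changed between two states, plus the names deleted."""
    files = {n: c for n, c in new.items() if old.get(n) != c}
    deleted = sorted(n for n in old if n not in new)
    return files, deleted


def digest(files, deleted):
    """SHA-256 over a canonical JSON encoding of a backup set (integrity check)."""
    payload = json.dumps({"files": files, "deleted": deleted}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def make_backup(kind, files, deleted):
    return {"type": kind, "files": files, "deleted": deleted,
            "sha256": digest(files, deleted)}


def run_schedule(policy):
    """Day-0 full backup, then one 'incremental' or 'differential' backup per day."""
    state = apply_changes({}, DAILY_CHANGES[0])
    backups = [make_backup("full", dict(state), [])]
    full_state, prev_state = dict(state), dict(state)
    for changes in DAILY_CHANGES[1:]:
        state = apply_changes(state, changes)
        # incremental: changes since the last backup; differential: since the last full
        base = prev_state if policy == "incremental" else full_state
        files, deleted = diff(base, state)
        backups.append(make_backup(policy, files, deleted))
        prev_state = dict(state)
    return backups, state


def restore_chain(backups):
    """Minimal ordered set of backups needed to restore to the latest point."""
    last_full = max(i for i, b in enumerate(backups) if b["type"] == "full")
    latest = backups[-1]
    if latest["type"] == "full":
        return [latest]
    if latest["type"] == "differential":
        return [backups[last_full], latest]       # last full + last differential
    return backups[last_full:]                    # last full + every incremental after it


def restore(chain):
    """Replay a chain of backups, verifying each set's digest before applying it."""
    state = {}
    for b in chain:
        if digest(b["files"], b["deleted"]) != b["sha256"]:
            raise ValueError(f"integrity check failed for {b['type']} backup")
        state.update(b["files"])
        for name in b["deleted"]:
            state.pop(name, None)
    return state


def summarize(policy):
    """Compare copy volume, restore-chain length and restore correctness for a policy."""
    backups, live_state = run_schedule(policy)
    chain = restore_chain(backups)
    return {
        "files_copied_after_full": sum(len(b["files"]) for b in backups[1:]),
        "chain_length": len(chain),
        "restore_matches_live": restore(chain) == live_state,
    }


if __name__ == "__main__":
    for policy in ("incremental", "differential"):
        print(policy, summarize(policy))
```

Over this history the incremental policy copies three files after the full backup but needs a four-backup chain to restore, while the differential policy copies six files and restores from just two sets; both reproduce the live data exactly. The digest check matters because a restore is the moment a silently corrupted or tampered backup set would otherwise be written back as if it were good.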

Disaster Recovery (DR) Planning

A Disaster Recovery Plan (DRP) is the detailed playbook for how to restore IT operations after a major disruption.

  • RTO and RPO: These two metrics define the goals of the DRP. RTO (Recovery Time Objective) dictates the maximum acceptable downtime. RPO (Recovery Point Objective) dictates the maximum acceptable data loss.
  • Recovery Sites:
    • Hot Site: A fully equipped and operational duplicate of the primary site, ready for immediate failover. (RTO in minutes/hours).
    • Warm Site: Partially equipped with some infrastructure, but requires data to be restored. (RTO in hours/days).
    • Cold Site: A basic facility with power and cooling, but no equipment. Requires full setup. (RTO in days/weeks).
  • Testing: A plan that isn't tested is just a document. Regular testing (e.g., tabletop exercises, failover tests) is essential to ensure the DRP actually works.

Fill in the Blank Questions

True/False Questions

Multiple Choice Questions