Data protection: governance, risk management, and compliance PDF

331 Pages·2009·3.088 MB·English

Preview Data protection: governance, risk management, and compliance

DATA PROTECTION
GOVERNANCE, RISK MANAGEMENT, and COMPLIANCE

CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2010 by David G Hill
CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works

Printed in the United States of America on acid-free paper
10 9 8 7 6 5 4 3 2 1

International Standard Book Number: 978-1-4398-0692-0 (Hardback)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com
and the CRC Press Web site at http://www.crcpress.com

Dedication

To the memory of my parents, David H. and Zona R. Hill,
For all that they did for me.

Contents

Preface
  The Sea Change in Data Protection
  Who Should Read This Book
  What Should You Read
Acknowledgments
About the Author

Chapter 1 The Time Has Come for Change
1.1 What to Look for in This Chapter
1.2 Why Data Protection Is Important
1.3 What Data Protection Is
1.4 Data Protection Has to Be Placed in the Right Framework
1.5 Evolving to the Governance, Risk Management, and Compliance Framework
1.6 Ride the Sea Change in Data Protection
1.7 How to Read This Book
1.8 An Aside on Process Management
1.9 Key Takeaways

Chapter 2 Business Continuity: The First Foundation for Data Protection
2.1 What to Look for in This Chapter
2.2 Business Continuity as a Key to Risk Management
2.3 Business Continuity and Data Protection
2.4 Business Continuity Is Not Just Disaster Recovery
2.5 Disaster Recovery: Let’s Get Physical
2.6 Operational Recovery: Think Logically
2.7 Disaster Recovery Requires Judgment; Operational Recovery Requires Automation
2.8 Logical Data Protection Gets Short Shift in Business Continuity
  2.8.1 Logical Problems Feature Prominently in Data Loss or Downtime
  2.8.2 Logical Data Protection Problems Manifest in a Number of Ways
2.9 Do Not Neglect Any Facet of Data Protection
2.10 Key Takeaways

Chapter 3 Data Protection—Where the Problems Lie
3.1 What to Look for in This Chapter
3.2 Data Protection as It Was in the Beginning
3.3 Typical Data Protection Technology Today Still Leaves a Lot to Be Desired
  3.3.1 Operational Continuity/Physical: Generally Strong, but Some Improvement Needed
  3.3.2 Operational Continuity/Logical: More Attention Needs to Be Paid to Logical Data Protection
  3.3.3 Disaster Continuity/Physical: Done Well, but Cost and Distance Are Issues
  3.3.4 Disaster Continuity/Logical: The Danger of Being Under Protected May Be Very Real
3.4 Summing Up Data Protection Challenges by Category
3.5 Key Takeaways

Chapter 4 Data Protection—Setting the Right Objectives
4.1 What to Look for in This Chapter
4.2 How High Is High Enough for Data Availability?
4.3 SNIA’s Data Value Classification: A Point of Departure
4.4 Do Not Equate Availability with Value
4.5 Availability Objectives for Operational Recovery and Disaster Recovery Are Not Necessarily the Same
4.6 Availability Is Not the Only Data Protection Objective
4.7 All Primary Data Protection Objectives Have to Be Met
4.8 Key Takeaways

Chapter 5 Data Protection—Getting the Right Degree
5.1 What to Look for in This Chapter
5.2 General Use Classes of Data
  5.2.1 Tape Is a Special Case
  5.2.2 Understanding Degrees of Data Protection
5.3 The Third Degree—Levels of Exposure
  5.3.1 Mapping Degrees of Protection
5.4 Key Takeaways

Chapter 6 Information Lifecycle Management Changes the Data Protection Technology Mix
6.1 What to Look for in This Chapter
6.2 Why Data Lifecycle Management Is Not Enough—The Need for Metadata and Management
6.3 ILM Is Deep into Logical Pools of Storage
  6.3.1 Logical Storage Pools at a High Level
  6.3.2 Moving Information Across Pools—A Distillation Process
6.4 Archiving Through a New Lens
  6.4.1 Archiving: The Makeover
  6.4.2 Protecting Archived Data
6.5 Active Archiving and Deep Archiving
  6.5.1 Active Archiving Requires Active Archive Management
  6.5.2 Long-Term Archiving as Part of an Active Archive
6.6 ILM Changes the Data Protection Technology Mix
6.7 Key Takeaways

Chapter 7 Compliance: A Key Piece of the GRC Puzzle
7.1 What to Look for in This Chapter
7.2 What Compliance Is All About
