US-CERT states that all computer users, from home users to professional information security officers, should back up the critical data they have on their desktops, laptops, servers, and even mobile devices to protect it from loss or corruption. Saving just one backup file may not be enough to safeguard your information. To increase your chances of recovering lost or corrupted data, follow the 3-2-1 rule:
3 – Keep 3 copies of any important file: 1 primary and 2 backups.
2 – Keep the files on 2 different media types to protect against different types of hazards.
1 – Store 1 copy offsite (e.g., outside your home or business facility).
(Source)
This disaster recovery checklist will help you implement your plan in an easy-to-follow format. This link from DataONE provides a list of data backup best practices. This link provides best practices for creating and documenting a backup policy. This blog post discusses disaster recovery testing of data backups. This provides a response to an FAQ regarding protection of CUI at rest through physical and logical protections other than encryption. Gartner product listing and reviews of data backup and recovery solutions This article discusses what disaster recovery testing is and how to conduct tests that yield useful and actionable results. If you want to back up the data on your PC, here are five ways you can do so. Each method has its pros and cons. Here are eight ways to protect your organization’s backup data from ransomware attacks. This NIST Special Publication defines a seven-step contingency planning process that an organization may apply. NIST resource that defines requirements for system backup activities. NIST resource that define requirements for proper protection of information at rest (e.g, encryption, off-line storage, physical protection) This webpage from ready.gov provides resources for Information Technology Disaster Recovery Planning. This SANS whitepaper discusses issues that need to be addressed when considering an online backup platform and if it is worth the risk to the user. This article describes the importance of backup identification and proper testing of those backups to ensure successful recovery in the event of an incident This blog post discusses need to test backups and how to effectively do so. This article examines the ten most important steps for testing data backups. This article defines Disaster Recovery as a Service (DRaaS) which may provide a viable option to organizations that are resource constrained to perform complete, comprehensive and resilient data backups. This example standard describes and defines data backups in the context of disaster recovery planning. This example policy documents data backup and recovery procedures, protocols, and standards. It covers the data backup schedule, backup protocols, backup retention, and data recovery. This paper summarizes the pros, cons, and security considerations of backup options for critical personal and business data.
This document provides assessment guidance for Level 1 of the Cybersecurity Maturity Model Certification (CMMC). This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171. This NIST Special Publication helps organizations in designing, developing, conducting, and evaluating test, training, and exercise events.