Security Issues

The specification states - you should be able to:

Explain why data is archived;
Explain the need for backup and recovery
Evaluate methods of backup: full backup, differential backup and incremental backup;
Explain the purpose of a disaster recovery plan;
Describe the contents of a typical disaster recovery plan;

Why is data archived?

An archive is the storage of information for a long period of time. Archived data consists of information that is still important to the organisation but it may not be of immediate use or it may be important for future reference. It may also consist of data which must be retained for a period of time in order to comply with legislation or for auditing purposes.

Data stored in archive will most likely be compressed so as to take up less space. It may also be stored on a cheaper storage medium such as optical discs. Data stored in archive must still be accessible to the end user if the need so arises and as such it may be indexed to facilitate easy location and retrieval of desired files or data items.

[CCEA Fact File]

The importance of backup

The backup process is the process of making copies of software or data in case the originals are lost or damaged. Having appropriate backup means that if a system failure occurs then the system or data can be rebuilt with accuracy.

Following a system failure or data corruption the backup will allow the corrupt or lost data to be replaced using copies from the backup process.

[CCEA Fact File]

4 (a) An organisation has developed a disaster recovery plan for its computerised information system. (i) Explain why the organisation needs a disaster recovery plan. [3]

If a natural disaster/flood etc. occurs
... a business must be able to operate as normally as possible/in emergency mode.
... until the emergency/disaster is over.
Critical or key data/processes/personnel identified/risks will be identified.
The backup and recovery method will be described.
An alternative location will be identified from which they can operate.

[CCEA 2024 Q4 a i]

methods of backup

It is expected that backups should be made on a regular basis so that any updates or changes made since the last backup can also be accounted for.

[Table from CCEA Fact File]

Past Paper Questions on Backup Methods:

4 a (ii) The disaster recovery plan describes the backup method to be used. Explain the difference between a differential backup and an incremental backup. Differential backup & Incremental backup [4]

Differential backup:

Backs up all data/files which have changed
… since the last full backup

2 × [1]

Incremental backup:

Backs up data/files which have changed since the last backup,
whether full backup or incremental backup

2 × [1]

[CCEA 2024 Q4 a ii]

3 (b) A company’s backup procedure is as follows: An incremental backup is performed daily. A full backup is performed every month Describe how the company’s data will be recovered. [6]

Incremental backup: This will make a copy of those datafiles that have changed since the last backup which may have been a full backup or an incremental backup.
Full backup: This will make a copy of all datafiles and provides a complete snapshot of data at time of backup.
Data recovery: Firstly, data from the previous month’s full backup will be restored. Then, the daily incremental backups since the last full backup will be restored/applied to the recovered data in reverse order to the order in which the incremental backups were performed.

[CCEA 2019 Q3b]

4. A particular organisation decides to use a combination of full backups and differential backups. (d) Evaluate the organisation’s decision. [9]

Differential backup: Data files which have changed

…since the last full backup are copied.
The regular backup procedure consists of a differential backup.
Full backups are done less frequently.

Advantages

This is an efficient process as differential backup do not take as long.
The amount of disk space used by differential images is significantly less than that of a full image.
Only two image files are required to restore the system.

Disadvantages

If the system fails and data has to be recovered
…the recovery process is more complicated.
The last full backup has to be restored first
…followed by all subsequent differential backups.
The longer the time between the full and the differential, the larger the differential image file will be and the longer it will take to create.

[CCEA Specimen Q4 d]

Disaster Recovery plan

A disaster recovery plan is a document which details the procedures associated with the recovery of and protection of an IT system in the event of any kind of disaster.

A good disaster recovery plan will incorporate a set of procedures to support the recovery of or continuation of vital technology infrastructure following natural, environmental or man-made disasters.

A well designed disaster recovery plan will take into consideration the processing and operational needs of the organisation in addition to considering the potential problems their IT systems might be exposed to.

[CCEA Fact File]

contents of a Disaster Recovery plan

A disaster recovery plan will contain, at the very least, the following:–

The potential causes of the disaster - details of likely causes of potential disasters, for example, it may identify concerns relating to fire, theft of data or hardware, problems associated with continued power loss or telecommunication failure.
Assumptions being made in the writing of the plan, for example there is the assumption that all relevant staff involved in the implementation of the recovery plan is available to support its implementation.
The scope of the plan – it will identify the areas of the infrastructure covered by the plan. In the identification of the scope of the plan it may also detail the areas of the organisation supported by the services being identified, the impact of potential disaster to that area of the organisation and a priority for recovery for each of the areas.
Policies to support continuity of the infrastructure in areas identified in the scope of the plan.
Staff with responsibility for ensuring adherence to each area of the plan.
Plan of action - in addition to identifying the staff members or teams with responsibility for the recovery of each area of the organisations infrastructure, the plan will also identify the steps they need to take to ensure recovery. The plan of action may contain details of steps to be taken within a given time frame from immediate steps to steps to be taken at intermediate stages during the recovery stages to on-going steps to be taken following the disaster and recovery from it.
Revision and testing plan - any disaster recovery plan should be tested and reviewed on a regular basis.

[CCEA Fact File]

4 (c) Describe the contents of a disaster recovery plan. [4]

It will describe how the organisation will continue to function after a natural disaster.
It will identify the main risks to the organisation from possible disasters.
It will identify critical data.
It will identify recovery method to be used.
It will identify critical data processing operations.
It will identify key personnel.
It will ensure personnel continue to have access to the organisation’s computer systems.
It will specify the procedures to be performed if a disaster occurs.
It may identify an alternative location where the organisation could operate until the threat/damage is over.

[CCEA Specimen Q4 c]

Exam Top tips

Not asked every year. Not asked in 2023, 2022, 2021.

Previous questions have focused on Disaster recovery plan and explanation of backup methods.

Archiving Data has never been asked before.

Past Paper Questions

AS1 Security Issues Past Paper Questions.pptx

Page updated

Report abuse