1. Introduction

Basic business continuity planning and disaster recovery procedures include periodic monitoring (control) of resource integrity and periodic backup [1–4].

© 2016 The Author(s). Licensee InTech. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

© 2018 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Requirements for periodic monitoring and backup established by current regulatory documents are briefly described subsequently.

Periodic Monitoring and Recovery of Resources in Information Systems

http://dx.doi.org/10.5772/intechopen.75232

2.2. Periodic backup parameters

In practice [1, 2, 4, 5], the main parameter defining the frequency of periodic information backup is the recovery point objective (RPO), the maximum period of data loss occurring due to an information security incident. The recovery time objective (RTO) is the period for which the information system is unavailable after an information security incident. The value of RPO defines the backup frequency (Figure 1).

Figure 1. Diagram of the system operation and incident recovery.

Table 2. Requirements for backup frequency.

| Document name | Requirements for periodic backup | Quantitative values or calculation formulae |
|---|---|---|
| Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks | — | — |
| ISA 62443-3-3:2013 | + | — |
| ISO/IEC 15408 | + | — |
| ISO/IEC 27001:2013 / ISO/IEC 27002:2013 | + | — |
| Australian Government Information Security Manual Controls | + | + |
| The IT-Grundschutz Catalogs | + | — |
| GOST R 56939 | + | — |
| Information Security Provisions in Federal Information Systems | + | — |
| Requirements for Information Security in Process Control Systems | + | — |
| NIST SP 800-53 / NIST SP 800-34 | + | — |
| Framework for Improving Critical Infrastructure Cybersecurity<sup>1</sup> | + | — |

<sup>1</sup> www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
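An added example, not taken from the chapter: a Python check of a backup history against the RPO and RTO as defined in this section, flagging intervals where the backup frequency fell short of the RPO and measuring one incident against both objectives. The function names are hypothetical, and the timestamps, the 6-hour RPO and the 2-hour RTO are constructed sample values.

```python
from datetime import datetime, timedelta

def rpo_gaps(backups, rpo):
    """Intervals between consecutive successful backups that exceed the RPO."""
    times = sorted(backups)
    return [(a, b, b - a) for a, b in zip(times, times[1:]) if b - a > rpo]

def assess_incident(backups, incident, restored, rpo, rto):
    """Measure one incident against both objectives.

    Data loss is the time from the last backup completed before the incident
    to the incident itself; downtime runs from the incident to restoration.
    """
    earlier = [t for t in backups if t <= incident]
    restore_point = max(earlier) if earlier else None
    # With no backup before the incident there is nothing to restore from,
    # so the loss is unbounded and the RPO cannot be met.
    data_loss = incident - restore_point if restore_point is not None else None
    downtime = restored - incident
    return {
        "restore_point": restore_point,
        "data_loss": data_loss,
        "rpo_met": data_loss is not None and data_loss <= rpo,
        "downtime": downtime,
        "rto_met": downtime <= rto,
    }

# Constructed sample: 6-hourly backups with the 18:00 job on 1 March missed.
RPO = timedelta(hours=6)
RTO = timedelta(hours=2)
BACKUPS = [
    datetime(2024, 3, 1, 0, 0), datetime(2024, 3, 1, 6, 0),
    datetime(2024, 3, 1, 12, 0), datetime(2024, 3, 2, 0, 0),
    datetime(2024, 3, 2, 6, 0),
]
INCIDENT = datetime(2024, 3, 1, 22, 30)   # constructed incident time
RESTORED = datetime(2024, 3, 1, 23, 45)   # constructed service-restored time

if __name__ == "__main__":
    for start, end, gap in rpo_gaps(BACKUPS, RPO):
        print(f"RPO exceeded: no backup between {start} and {end} ({gap})")
    print(assess_incident(BACKUPS, INCIDENT, RESTORED, RPO, RTO))
```

In the sample the missed job doubles the exposure window, so an incident inside it loses 10.5 hours of data against a 6-hour RPO even though the recovery itself stays within the RTO.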
