Data Backup, Storage & Restoration
This episode of the ISACA Certified Information Systems Auditor (CISA) exam prep series introduces how organizations protect their most critical asset — data — through resilient storage, structured backup schemes, and rigorous restoration practices. The session covers the broad principles that IS auditors must understand when evaluating whether an organization can reliably recover its data after any disruptive event.
What this episode covers
- Resilient storage and RAID — how disk arrays combine performance and redundancy, and how replication flavors (synchronous, asynchronous, adaptive) protect against site failure.
- Backup and restoration essentials — planning backups around impact analysis and recovery objectives, and why immutability is a key control.
- Offsite and cloud backup controls — physical and logical protections required for offsite libraries, plus additional considerations specific to cloud backup.
- Backup media and device types — removable versus non-removable media, virtual tape libraries, snapshots, and host-based or array-based replication.
- Backup schemes — full, incremental, and differential approaches and the trade-offs between backup speed and restore speed.
- Rotation and scheduling — grandfather-father-son rotation, automation of scheduling, and what additional items belong offsite beyond raw data.
- Backup testing and the 3-2-1 strategy — why regular documented testing matters and how the three-copy, two-media, one-offsite baseline reduces single points of failure.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What is the difference between full, incremental, and differential backups?
A full backup copies everything into one set and is simplest to restore but needs the most time and space. An incremental backup copies only what changed since the last backup, making it fast to create but slow to restore because every increment since the last full backup must be replayed. A differential backup copies everything changed since the last full backup, so only the full plus the latest differential are needed to restore.
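The restore-chain rule above, worked through in code as an added illustration (not material from the episode or from RooCloud): for a constructed one-week cycle it lists which backup sets a restore must replay, and compares the volume read back during a restore with the volume written over the cycle, which is the backup-speed versus restore-speed trade-off. It also generalizes to a mixed timeline, where a differential supersedes any incrementals taken before it; the day numbers and gigabyte figures are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    day: int        # day within the cycle; day 0 holds the weekly full backup
    kind: str       # "full", "incremental" or "differential"
    size_gb: float  # size of this backup set (constructed figures)

def restore_chain(backups, target_day):
    """Return, in replay order, the sets needed to recover the state as of
    target_day. A differential supersedes every set taken since the full;
    each incremental only adds one more set to the chain."""
    eligible = sorted((b for b in backups if b.day <= target_day),
                      key=lambda b: b.day)
    fulls = [b for b in eligible if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup precedes the target day")
    last_full = fulls[-1]
    chain = [last_full]
    for b in eligible:
        if b.day <= last_full.day:
            continue
        if b.kind == "incremental":
            chain.append(b)         # every increment since the full is replayed
        elif b.kind == "differential":
            chain = [last_full, b]  # only the latest differential is needed
        else:
            raise ValueError(f"unknown backup kind: {b.kind}")
    return chain

def restore_volume_gb(backups, target_day):
    """Data that must be read back to restore to target_day."""
    return sum(b.size_gb for b in restore_chain(backups, target_day))

def cycle_backup_volume_gb(backups):
    """Data written over the whole cycle (the backup-window cost)."""
    return sum(b.size_gb for b in backups)

# Constructed sample: 500 GB full on day 0, about 20 GB of new change per day.
FULL = Backup(0, "full", 500)
INCREMENTAL_WEEK = [FULL] + [Backup(d, "incremental", 20) for d in range(1, 7)]
DIFFERENTIAL_WEEK = [FULL] + [Backup(d, "differential", 20 * d) for d in range(1, 7)]

if __name__ == "__main__":
    for name, week in (("incremental", INCREMENTAL_WEEK), ("differential", DIFFERENTIAL_WEEK)):
        chain = restore_chain(week, 6)
        print(f"{name}: restoring day 6 replays {len(chain)} sets, "
              f"{restore_volume_gb(week, 6):.0f} GB read; "
              f"{cycle_backup_volume_gb(week):.0f} GB written over the week")
```

Both schemes read the same 620 GB back for a day-6 restore here, but the incremental chain replays seven sets against two, while the differential scheme writes 920 GB over the week against 620 GB.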
What does it mean for a backup to be immutable?
An immutable backup cannot be altered, deleted, or encrypted by anyone, including administrators, once it has been written. This protects backup copies from ransomware attacks that attempt to destroy or encrypt backup data before targeting production systems. Think of it as data set in concrete once written.
What is the grandfather-father-son backup rotation scheme?
Grandfather-father-son is a rotation method where daily backups are the sons, the last backup of each week becomes the father, and the last backup of each month becomes the grandfather. Daily media are reused the following week, while monthly and yearly copies are retained rather than recycled. A key safety rule is not to bring offsite media back until its replacement is safely stored offsite.
What is the 3-2-1 backup strategy?
The 3-2-1 strategy means keeping three copies of data in total, storing them on two different types of media, and keeping at least one copy offsite. This approach reduces the risk from a single point of failure, so a media error or stolen device does not wipe out all copies. Some cloud providers may not offer every part of this approach, so organizations should verify coverage.
Why is backup testing so important for an IS auditor to verify?
An untested backup is just a hope, because testing is the only way to confirm that infrastructure and processes can actually be recovered. Testing also identifies gaps, verifies assumptions, checks timelines, and reviews how personnel perform under realistic conditions. Auditors should also note that a restore test usually runs on a small sample, while a real recovery might pull the entire infrastructure across the network, which could take far longer than the test suggested.
📚 Master the ISACA CISA Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISACA CISA certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in Data Backup, Storage & Restoration.