Backups - Offsite solutions - Security Regulations

der.hans PLUGd at LuftHans.com
Sat Mar 31 01:35:11 MST 2007


On 30 Mar 2007, Bryan O'Neal chatted thus:

Hello Bryan,

> I have a financial broker that needs offsite backups, but as a financial
> institution they have more sensitive information than I am used to
> dealing with outside the confines of the government and I am not sure
> what needs to be done (legally speaking) to protect the data.  I would

Contact George Toft, www.GeorgeToft.com. He does some consulting in this
area. He also recently gave a presentation on compliance at LOPSA's
Sysadmin Days.

> like to slap some cheap server in a cheap colo with an encrypted drive

Cheap server and cheap colo don't make me think secure.

> and just pump automated backups over an ssh tunnel using rsync (like I
> do for my company's backups) but I do not know if there are any specific
> security (physical and encryption) rules that I need to meet.  Right now
> my company's backup server rotates through the homes of the key
> players, but I don't think that is a good idea for a machine that holds
> non-public information.

If you're storing credit card info the credit card corps have requirements
as well as what the government requires. Also, in December some new
requirements went into effect for .az.us. George covered that in his LOPSA
presentation.

ciao,

der.hans
-- 
#  https://www.LuftHans.com/        http://www.CiscoLearning.org/
#  "Science is like sex: sometimes something useful comes out, but
#  that is not the reason we are doing it." -- Richard Feynman

