Re: Backups - Offsite solutions -Security Regulations

Author: der.hans
Date:  
To: Main PLUG discussion list
Subject: Re: Backups - Offsite solutions -Security Regulations
On 30 Mar 2007, Bryan O'Neal chattered thus:

moin moin Bryan,

> I have a financial broker that needs offsite backups, but as a financial
> institution they have more sensitive information than I am used to
> dealing with outside the confines of the government and I am not sure
> what needs to be done (legally speaking) to protect the data. I would


Contact George Toft, www.GeorgeToft.com. He does some consulting in this
area. He also recently gave a presentation on compliance at LOPSA's
Sysadmin Days.

> like to slap some cheap server in a cheap colo with an encrypted drive


Cheap server and cheap colo don't make me think secure.

> and just pump automated backups over an ssh tunnel using rsync (Like I
> do for my company's backups) but I do not know if there are any specific
> security (Physical and encryption) rules that I need to meet. Right now
> my company's backup server rotates through the homes of the key
> players, but I don't think that is a good idea for a machine that holds
> non-public information.


If you're storing credit card info the credit card corps have requirements
as well as what the government requires. Also, in December some new
requirements went into effect for .az.us. George covered that in his LOPSA
presentation.

ciao,

der.hans
-- 
#  https://www.LuftHans.com/        http://www.CiscoLearning.org/
#  "Science is like sex: sometimes something useful comes out, but
#  that is not the reason we are doing it." -- Richard Feynman