Professional Documents
Culture Documents
Diaster Recovery
Diaster Recovery
The database symbols shown in gray (events 2, 5, 9, and 13—all prior to the event) represent some form
of system and data backup that may have captured the changes to the system as a result of properly
completing the green transactions.
It is events 15 through 21, however, that are in doubt. They may be okay, or they may represent a lack
of integrity if the data was compromised. The database backup symbols in orange, between the time of
the incidence occurrence and it's being detected, are clearly in doubt as to their integrity or safety. They
may contain bogus, corrupted data or they may even contain malware in a variety of forms. Moving
backward in time from the detection of the incident, it's not until we get to that right most gray
database symbol—event 13 the backup just before the incident occurs—that we have our last clean,
trustworthy backup.
Three sets of work that were lost since the incident started to occur can be identified: all transactions or
changes prior to that last good backup that were not part of that backup—if it was an incremental or
partial backup and not a full backup—events 15, 17 through 19 and 21; all transactions and other
changes processed or attempted from that backup forward in time until after the incident was detected,
not started to occur; and all transactions changes, etc. that would normally have been processed from
the time the incident was detected until the system was fully operational again, but were not able to be
processed at all due to the disruption.