IT Baseline Protection Manual S 2.135 Save transfer of data to a database
S 2.135 Save transfer of data to a database
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
In many database systems, it is necessary for applications to take over data from other systems. A basic distinction can be made between the following categories here:
Transfer of initial or old data
This involves the transfer of data from old systems, required when a new database system is procured in order to increase productivity, for example. In this case, the following measures must be specially observed:
The data must be available in a format which is accepted by the destination database
The data must be complete, i.e. data must be available for all the fields of the destination database which need to be filled
The consistency and integrity of the database must be guaranteed
Before data is actually transferred, it is necessary to form a concept describing how the data is to be prepared for the process of transfer, and how this process is to take place. In addition, a full backup of the old data is absolutely necessary. If the data is to be transferred in several steps, an independent data backup should be performed before each step.
Regular transfer of data
If the destination database already contains data which must remain unaltered during the subsequent transmission of additional data, or if new data is transferred to the database at regular intervals, the following measures must be observed:
A full backup of the database must be created before the transfer of new data
If possible, data transfer should take place outside regular operating hours
Users whose activities will be influenced by the impending transfer of data must be informed duly, particularly if availability and response times are likely to be affected
Prior to the initial transfer of new data, it is necessary to form a concept describing how the data is to be prepared for the process of transfer, and how this process is to take place. In particular, this concept must include a description of how to avoid conflicts between the data already existing in the destination database and the data to be transferred, i.e. the extent to which the integrity and consistency of the destination database remain protected. In addition, measures must be taken to prevent multiple transfer of the same data.
Before data is transferred, it is necessary to specify responses to any errors which might occur. For example, this includes ascertaining whether, on the occurrence of a faulty data record, transfer should be continued with the next block or whether the entire process of transfer should be aborted. Furthermore, it is necessary to determine the manner in which data transfer is to be resumed after an interruption.
Additional controls:
Has a concept of data transfer been prepared?
Are full backups of the database created before data transfer?
Are users informed promptly and adequately about impending data transfer?