What are the ways a company can go about mitigating risk of
loss/destruction of information contained within their database(s)?  I
am interested in more info concerning ways to reduce risk both internally
to the company(hackers, viruses, disgruntled employees, etc) and from
external forces (fire, flood, theft, terrorist attacks, etc).

---

Clarification of Question by mediatect-ga on 26 Apr 2005 16:10 PDT

Looking to have answer very soon - by Wednesday noon April 27 preferred.

First clarfication that is needed is exactly what db software you're
running, what OS(s) are involved, and what size system you're talking
about, and size of the db. Internally, keeping the db behind its own
firewall on its own box with only root login access should keep it
pretty safe from most internet threats. Implementing either tape
backups or even just writing it to DVD disks (or cd depending on size
of db) every night should be sufficient for keeping physical archival
backups. Another good idea (especially if you dont have daily physical
access to the machine) would be to implement off site storage, backing
up the db nightly (or weekly, depending on size) to a remote data
center site.

Thanks for the comment. Those are good ideas, however, I am wondering
about companies who may have multiple databases that run on a variety
of operating systems. Maybe they do all of those things you mention,
only in more places throughout the company on a more frequent basis?

Perhaps my question is too broad, but I am looking for more or less a
brainstorm here.

How does a company go about protecting a massive database (i.e.
insurance companies and all of their customer's records)? Another
example might be how a multi-million dollar company in several
locations across the USA would protect it's data. I've read a little
about SANs.  And, although events like 9/11 are rare, I am interested
protection from those types of occurences as well.