Enforce backup for all virtual machines by backing them up to an existing central recovery services vault in the same location and subscription as the virtual machine. Doing this is useful when there is a central team in your organization managing backups for all resources in a subscription. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMCentralBackupExcludeTag.
The following 8 compliance controls are associated with this Policy definition 'Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location' (09ce66bc-1220-4153-8104-e3f51c936913)
Minimize Risks of Data Corruption and Loss in ICT Processes
Shared
n/a
Implement information and communication technology (ICT) processes that minimize the risk of data corruption or loss, unauthorized access, and technical flaws that may disrupt business activities.
Establish Procedures for Managing the Security of System Operations
Shared
n/a
Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions.
Establish Protective Measures for Administrator Privileges and Security Configurations
Shared
n/a
Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations.
Establish Backup Recovery Procedures for Information Systems and Ensure Timely Recovery
Shared
n/a
Establish and implement backup recovery procedures for the information system such as backup targets, backup cycles, backup methods, storage places, storage periods, and vaulting. Ensure timely recovery of information systems following an incident.
A large financial institution is required to'
(a) implement a centralised automated tracking system to manage its technology asset inventory; and
(b) establish a dedicated in-house cyber risk management function to manage cyber risks or emerging cyber threats. The cyber risk management function shall be responsible for the following:
(i) perform detailed analysis on cyber threats, provide risk assessments on potential cyber-attacks and ensure timely review and escalation of all high-risk cyber threats to senior management and the board; and
(ii) proactively identify potential vulnerabilities including those arising from infrastructure hosted with third party service providers through the simulation of sophisticated 'Red Team' attacks on its current security controls.