The Official (ISC)2 SSCP CBK Reference. Mike Wills


can be transferred at arrival.

       Sanitization and Disposal

      The topics of media sanitization and disposal overlap and are interrelated. There is a time in the information lifecycle when certain data is no longer needed, and having this data sitting on media for no reason presents an unacceptable risk. If there is no benefit, why accept even the slightest risk that the media could be compromised? At that point, the information must be destroyed by sanitizing or zeroizing the media. The media can then either be returned to your library as reformatted, empty, and suitable for reuse with information at a security level consistent with the media's marking, or be destroyed if it is also past its economically useful life. So, what are the differences between the two?

      The first difference is the reuse scenario. According to NIST 800-53, media should be sanitized “prior to disposal, release out of organizational control, or release for reuse.” Disposal of media doesn't acknowledge a need to reuse the media, but sanitization does. Blank, new media might cost $50 to $3,000 or more apiece, so it may be worthwhile to have effective reuse and sanitization strategies in place. With the rapidly increasing capacity and decreasing cost of solid-state drives and flash media, many organizations choose verifiable destruction rather than risk an incomplete sanitization of such media. Destruction can also be done faster and at less cost in most cases.

      The next difference is in the methods. The sanitization methods are less physically destructive than disposal methods. For example, sanitizing nondigital media, such as paper documents, is accomplished by removing sensitive pages or entire sections or by redacting or obscuring specific text. In contrast, disposal of paper documents would entail cross-shredding, pulping, or burning the papers entirely. Sanitizing digital media, such as hard drives, would mean overwriting each sector and byte of the drive many times with random characters. (The NSA has been known to call this process zeroization, even though it doesn't actually recommend writing nothing but zeros to the media; this would risk a missed block or sector being completely readable.) Disposal of hard drives, in contrast, entails either degaussing the drive, physically abrading or chemically corroding the surface of the disk platters, or breaking the entire drive in a powerful shredder. Even when degaussed or abraded, disposal of sanitized media may be constrained by local laws, including any limitations on the search of trash disposal sites with or without a search warrant.

      NOTE Degaussing does not work on a solid-state drive (SSD) or optical disk.

      Having discussed the differences, what are the commonalities between sanitization and disposal? Essentially, everything else. The goal of both sanitization and disposal is to ensure that the data previously on the media is not readable or recoverable. They should both happen according to formal processes that review, approve, document, and verify the sanitization/disposal. In both cases, the methods and tools should be commensurate with the data stored on the media. This also includes the removal of external markings and labels.

      For both sanitization and disposal, the sensitivity of the data on the media should drive how rigorously you apply these processes and how thoroughly you control them procedurally. In some cases, also consider that it may be less expensive to apply the more stringent sanitization or disposal method to all media than to spend time separating them.

      Both sanitization and disposal use specific tools, whether software tools or a grinder, shredder, degausser, and so on. These tools need to be periodically tested to ensure they are effective and that the media/remnants cannot be read or restored.
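      The multi-pass random overwrite described above, together with the verification step that the formal process and the periodic tool testing both call for, can be demonstrated on an in-memory "drive image." The following is an added example written for this page, not code from the book or from (ISC)2: the block size, the sample records, and the function names are all assumptions. The sanitizer overwrites every sector with cryptographically random bytes for each pass and records a digest per pass for the sanitization log; the verifier then checks that no sector still matches its pre-sanitization fingerprint and that no sector was left all zeros (the "missed block" risk the text warns about). The `skip_blocks` parameter exists only so a tool test can inject a missed sector and confirm the verifier catches it.

```python
import hashlib
import secrets

BLOCK_SIZE = 512  # assumed sector size for the sample image


def make_sample_media(num_blocks):
    """Constructed sample: an in-memory 'drive' whose every sector holds a
    distinct, recognizable record, so we can later prove none of it survived."""
    media = bytearray()
    for i in range(num_blocks):
        record = f"CUSTOMER-RECORD-{i:04d}:ACCT=000-00-{i:04d};".encode()
        block = (record * (BLOCK_SIZE // len(record) + 1))[:BLOCK_SIZE]
        media += block
    return media


def fingerprint_blocks(media):
    """Hash every sector before sanitization; the verifier uses these to detect
    any sector whose original contents are still present afterwards."""
    fingerprints = set()
    for offset in range(0, len(media), BLOCK_SIZE):
        fingerprints.add(hashlib.sha256(bytes(media[offset:offset + BLOCK_SIZE])).digest())
    return fingerprints


def overwrite_media(media, passes=3, skip_blocks=frozenset()):
    """Overwrite every sector with random bytes, `passes` times.
    Returns a log of per-pass digests suitable for the sanitization record.
    `skip_blocks` simulates a faulty tool for testing the verifier only."""
    if passes < 1:
        raise ValueError("at least one overwrite pass is required")
    log = {"block_size": BLOCK_SIZE, "passes": []}
    for pass_no in range(1, passes + 1):
        for idx, offset in enumerate(range(0, len(media), BLOCK_SIZE)):
            if idx in skip_blocks:
                continue  # deliberately missed sector (tool test only)
            length = min(BLOCK_SIZE, len(media) - offset)  # handle a short final sector
            media[offset:offset + length] = secrets.token_bytes(length)
        log["passes"].append({
            "pass": pass_no,
            "pattern": "random",
            "sha256": hashlib.sha256(bytes(media)).hexdigest(),
        })
    return log


def verify_sanitized(media, fingerprints):
    """Verification step: report any sector that still matches a pre-sanitization
    fingerprint, and any sector that is entirely zeros (a skipped or unwritten block)."""
    surviving, zero_blocks = [], []
    total = 0
    for idx, offset in enumerate(range(0, len(media), BLOCK_SIZE)):
        total = idx + 1
        block = bytes(media[offset:offset + BLOCK_SIZE])
        if hashlib.sha256(block).digest() in fingerprints:
            surviving.append(idx)
        if not any(block):
            zero_blocks.append(idx)
    return {
        "blocks": total,
        "surviving_blocks": surviving,
        "zero_blocks": zero_blocks,
        "passed": not surviving and not zero_blocks,
    }


if __name__ == "__main__":
    image = make_sample_media(16)
    fps = fingerprint_blocks(image)
    record = overwrite_media(image, passes=3)
    print(verify_sanitized(image, fps))   # expected: passed=True, no survivors
    # Periodic tool test: a sanitizer that misses sector 5 must be flagged.
    faulty = make_sample_media(8)
    faulty_fps = fingerprint_blocks(faulty)
    overwrite_media(faulty, passes=1, skip_blocks=frozenset({5}))
    print(verify_sanitized(faulty, faulty_fps))  # expected: surviving_blocks=[5]
```

      The verifier only proves what the host can read back. On flash and solid-state media the controller's wear levelling and spare blocks mean an overwrite issued through the filesystem or block device does not necessarily reach every physical cell, which is one reason the text notes that many organizations choose verifiable destruction for such media instead.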

      When storing and collecting media prior to sanitization or disposal, consider affording additional protection above and beyond normal media classification and marking. If there is a large quantity of nonsensitive information in one place, it can become more sensitive by aggregation.

       Media Disposal and Information Retention Must Match

      Almost every category of corporate or private-sector sensitive or classified information has to have a retention strategy defined for it, as part of keeping the organization compliant with a growing and sometimes bewildering body of law and potentially conflicting stakeholder interests. Make sure that your information library procedures, including the ones for destruction of information and disposal of media, match with those retention requirements. If they don't, you'll need help from senior management and the organization's legal team to find an acceptable solution.

      NOTE It's helpful to remember that a physical control interacts physically with the subject or object being controlled; technical and logical controls interact with data flows and signals being sent around the system as ways to control the logical behavior of software and hardware.

      Chapter 3 will focus on how you choose what mix of physical, logical, and administrative controls to build into your security architecture; here, we'll focus on them after you've installed them and declared them operational.

      Regardless of the type of control elements involved, compliance can be measured or assessed by the same set of techniques: review, audit, exercise, and operational evaluation. Help-desk trouble tickets, user complaints or suggestions, the “police blotter” or daily logs kept by your security teams, and many other sources of information should all be subject to review and audit. Performance metrics can also be adopted (preferably in automated ways) that can alert management when controls are not being used effectively, as indicated by increasing rates of incidents, error rates, problem reports, and end-user dissatisfaction with system usability and reliability. Don't forget to keep an eye on customer or client behavior and input: A decline in orders, transactions, or web page hits may be as much about the quality and price of your products as it is about the security (or lack thereof) of your information systems and practices, as seen by your customers.
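      One way to automate the "performance metric that alerts management" idea above is to bucket help-desk tickets by week and flag any category whose latest weekly count rises well above its own recent baseline. This is an added example written for this page, not the book's or (ISC)2's method; the ticket export format, the category names, the two-sigma threshold, and the function names are assumptions, and the ticket lines are constructed sample data.

```python
import statistics
from collections import defaultdict
from datetime import date

# Constructed help-desk export, one ticket per line: "YYYY-MM-DD,category".
# Weeks 1-5 show a steady trickle; week 6 shows a burst of phishing reports.
SAMPLE_TICKETS = """\
2024-01-02,password-reset
2024-01-03,phishing-report
2024-01-09,password-reset
2024-01-10,password-reset
2024-01-16,phishing-report
2024-01-17,password-reset
2024-01-23,password-reset
2024-01-24,phishing-report
2024-01-30,password-reset
2024-01-31,phishing-report
2024-02-06,phishing-report
2024-02-06,phishing-report
2024-02-07,phishing-report
2024-02-08,phishing-report
2024-02-08,phishing-report
2024-02-09,password-reset
"""


def weekly_counts(csv_text):
    """Parse the export and return (category -> {(iso_year, iso_week): count},
    sorted list of all weeks seen)."""
    counts = defaultdict(lambda: defaultdict(int))
    weeks = set()
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        day, category = line.split(",", 1)
        iso_year, iso_week, _ = date.fromisoformat(day.strip()).isocalendar()
        key = (iso_year, iso_week)
        weeks.add(key)
        counts[category.strip()][key] += 1
    return counts, sorted(weeks)


def flag_rising_controls(csv_text, sigma=2.0, min_history=3):
    """Compare each category's latest weekly count against the mean plus
    `sigma` standard deviations of the earlier weeks. Categories that exceed
    the threshold are returned with the numbers management would want to see."""
    counts, weeks = weekly_counts(csv_text)
    alerts = {}
    for category, per_week in counts.items():
        series = [per_week.get(w, 0) for w in weeks]
        history, latest = series[:-1], series[-1]
        if len(history) < min_history:
            continue  # not enough baseline to judge a trend
        mean = statistics.mean(history)
        threshold = mean + sigma * statistics.pstdev(history)
        if latest > threshold:
            alerts[category] = {
                "latest_week": weeks[-1],
                "latest": latest,
                "baseline_mean": mean,
                "threshold": threshold,
            }
    return alerts


if __name__ == "__main__":
    for category, detail in flag_rising_controls(SAMPLE_TICKETS).items():
        print(f"ALERT {category}: {detail}")
```

      A spike in phishing reports can mean awareness training is working (more reporting) as much as it can mean an active campaign, so the alert is a prompt for review rather than a verdict; the same pattern applied to error rates or usability complaints serves the other indicators the paragraph lists.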

      Technical Controls
