Page 1151 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1151
it helps prevent unauthorized disclosure (loss of confidentiality),
unauthorized modification (loss of integrity), and unauthorized
destruction (loss of availability).
Controlling USB Flash Drives
Many organizations restrict the use of USB flash drives to only
specific brands purchased and provided by the organization. This
allows the organization to protect data on the drives and ensure
that the drives are not being used to inadvertently transfer
malicious software (malware) between systems. Users still have the
benefit of the USB flash drives, but this practice reduces risk for
the organization without hampering the user’s ability to use USB
drives.
For example, Kingston Digital sells IronKey flash drives that
include multiple levels of built-in protection. Several
authentication mechanisms are available to ensure that only
authorized users can access data on the drive. It protects data with
built-in AES 256-bit hardware-based encryption. Active anti-
malware software on the flash drive helps prevent malware from
infecting the drive.
Enterprise editions include additional management solutions
allowing administrators to manage the devices remotely. For
example, they can reset passwords, activate auditing, and update
the devices from a central location.
Tape Media
Organizations commonly store backups on tapes, and they are highly
susceptible to loss due to corruption. As a best practice, organizations
keep at least two copies of backups. They maintain one copy onsite for
immediate usage if necessary, and store the second copy at a secure
location offsite. If a catastrophic disaster such as a fire destroys the
primary location, the data is still available at the alternate location.
The cleanliness of the storage area will directly affect the life span and
