Page 327 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

the wrong hands and result in unauthorized disclosure. Highly classified data requires different steps to destroy it than data classified at a lower level. An organization’s security policy or data policy should define the acceptable methods of destroying data based on the data’s classification. For example, an organization may require the complete destruction of media holding highly classified data, but allow personnel to use software tools to overwrite data files classified at a lower level.


NIST SP 800-88r1, “Guidelines for Media Sanitization,” provides comprehensive details on different sanitization methods. Sanitization methods (such as clearing, purging, and destroying) ensure that data cannot be recovered by any means. When a computer is disposed of, sanitization includes ensuring that all nonvolatile memory has been removed or destroyed; the system doesn’t have compact discs (CDs)/digital versatile discs (DVDs) in any drive; and internal drives (hard drives and solid-state drives (SSDs)) have been sanitized, removed, and/or destroyed. Sanitization can refer to the destruction of media or using a trusted method to purge classified data from the media without destroying it.


Eliminating Data Remanence

Data remanence is the data that remains on media after the data was supposedly erased. It typically refers to data on a hard drive as residual magnetic flux. Using system tools to delete data generally leaves much of the data remaining on the media, and widely available tools can easily undelete it. Even when you use sophisticated tools to overwrite the media, traces of the original data may remain as less perceptible magnetic fields. This is similar to a ghost image that can remain on some TV and computer monitors if the same data is displayed for long periods of time. Forensics experts and attackers have tools they can use to retrieve this data even after it has been supposedly overwritten.
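
The gap between deleting and overwriting, as an added example that is not from the study guide: a toy in-memory disk in which delete only drops the directory entry, followed by an audit of the free blocks. The ToyDisk class, block size, and sample payroll string are constructed for illustration; the model covers logical remanence only, not the residual magnetic traces described above.

```python
"""Toy model of logical data remanence: delete vs. overwrite (constructed example)."""

BLOCK_SIZE = 16  # bytes per block on the toy disk (assumption)
SECRET = b"payroll: alice 91000; bob 87000"  # constructed sample data


class ToyDisk:
    def __init__(self, num_blocks):
        self.blocks = [bytes(BLOCK_SIZE)] * num_blocks  # raw media contents
        self.directory = {}                             # filename -> block indexes
        self.free = set(range(num_blocks))

    def write_file(self, name, data):
        needed = -(-len(data) // BLOCK_SIZE)  # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        chosen = sorted(self.free)[:needed]
        for n, idx in enumerate(chosen):
            chunk = data[n * BLOCK_SIZE:(n + 1) * BLOCK_SIZE]
            self.blocks[idx] = chunk.ljust(BLOCK_SIZE, b"\x00")
            self.free.discard(idx)
        self.directory[name] = chosen

    def delete(self, name):
        """Ordinary delete: drop the directory entry, leave block contents alone."""
        self.free.update(self.directory.pop(name))

    def overwrite_and_delete(self, name):
        """Zero every block the file occupies before releasing it."""
        for idx in self.directory[name]:
            self.blocks[idx] = bytes(BLOCK_SIZE)
        self.delete(name)

    def residual_blocks(self):
        """Audit check: free blocks that still hold non-zero data."""
        return [i for i in sorted(self.free) if any(self.blocks[i])]


def audit(sanitize):
    """Store SECRET, remove it with `sanitize`, and report what is left behind."""
    disk = ToyDisk(8)
    disk.write_file("payroll.txt", SECRET)
    sanitize(disk, "payroll.txt")
    residue = b"".join(disk.blocks[i] for i in disk.residual_blocks())
    return "payroll.txt" in disk.directory, residue.rstrip(b"\x00")


if __name__ == "__main__":
    print("delete only:     ", audit(ToyDisk.delete))
    print("overwrite+delete:", audit(ToyDisk.overwrite_and_delete))
```

In both runs the file is gone from the directory; only the overwrite run leaves the free blocks empty.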

One way to remove data remanence is with a degausser. A degausser generates a heavy magnetic field, which realigns the magnetic fields in magnetic media such as traditional hard drives, magnetic tape, and floppy disk drives. Degaussers using power will reliably rewrite these