General Information
The key in deciding how to manage media in an organization is to
first consider the information, then the media type. The security
categorization of the information, along with internal environmental
factors, should drive the decisions on how to deal with the media.
Again, the key is to first think in terms of information
confidentiality, then by media type. In organizations, information
exists that is not associated with any categorized system. This
information is often hard copy internal communications such as
memoranda, white papers, and presentations. Sometimes this information
may be considered sensitive. Examples may include internal disciplinary
letters, financial or salary negotiations, or strategy meeting minutes.
Organizations should label these media with their internal operating
classifications and associate a type of sanitization described in this
publication. There are different types of sanitization for each type of
media. We have divided media sanitization into four categories:
disposal, clearing, purging and destroying. Disposal exists where media
are just tossed out with no special disposition given to them. Some
media can be simply disposed of if information disclosure would have no
impact on organizational mission, would not result in damage to
organizational assets, would not result in financial loss or would not
result in harm to any individuals. Disposal is mentioned to assure
organizations that all media does not require sanitization and that
disposal is still a valid method for handling media containing
non-confidential information. Since disposal is not technically a type
of sanitization, it will not be mentioned or addressed outside of this
section.
-- National Institute of Standards and Technology, NIST Special
Publication 800-88
Disposal
Disposal is the act of discarding media with no other sanitization
considerations. This is most often done by paper recycling containing
non-confidential information but may also include other media.
-- National Institute of Standards and Technology, NIST Special
Publication 800-88
Clearing
Clearing information is a level of media sanitization that would
protect the confidentiality of information against a robust keyboard
attack. Simple deletion of items would not suffice for clearing.
Clearing must not allow information to be retrieved by data, disk, or
file recovery utilities. It must be resistant to keystroke recovery
attempts executed from standard input devices and from data scavenging
tools. For example, overwriting is an acceptable method for clearing
media. There are overwriting software or hardware products to overwrite
storage space on the media with non-sensitive data. This process may
include overwriting not only the logical storage location of a file(s)
(e.g., file allocation table) but also may include all addressable
locations. The security goal of the overwriting process is to replace
written data with random data. Overwriting cannot be used for media that
are damaged or not writeable. The media type and size may also influence
whether overwriting is a suitable sanitization method. [SP 800-36].
Studies have shown that most of today's media can be effectively cleared
by one overwrite.
-- National Institute of Standards and Technology, NIST Special
Publication 800-88
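The Clearing text above draws the line between a file's logical storage location (the allocation table) and all addressable locations, and says deletion alone does not defeat a recovery or data-scavenging tool. The following is an added example, not text or code from NIST SP 800-88 or from this page, that models that distinction on a toy block device: "deleting" a memo only drops its allocation entry and a scavenger that scans raw blocks still finds it; a single random overwrite of every addressable block, followed by a verification pass, does not leave it recoverable. The block size, disk size and memo contents are constructed for illustration.

```python
"""Why deletion is not clearing: a toy block device with an allocation table
(the logical storage location) and separately addressable data blocks.

Added example, not from NIST SP 800-88 or the page quoting it. The block
size, disk size and the memo text are constructed for illustration.
"""
import os

BLOCK_SIZE = 64    # constructed: small blocks keep the model readable
BLOCK_COUNT = 16   # constructed: 16 addressable blocks


class ToyDisk:
    """Block device plus a flat allocation table: fat[name] -> [block indices]."""

    def __init__(self):
        self.blocks = [bytes(BLOCK_SIZE) for _ in range(BLOCK_COUNT)]
        self.fat = {}
        self.free = list(range(BLOCK_COUNT))

    def write_file(self, name, data):
        chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        if len(chunks) > len(self.free):
            raise OSError("disk full")
        used = [self.free.pop(0) for _ in chunks]
        for idx, chunk in zip(used, chunks):
            self.blocks[idx] = chunk.ljust(BLOCK_SIZE, b"\0")
        self.fat[name] = used

    def read_file(self, name):
        return b"".join(self.blocks[i] for i in self.fat[name]).rstrip(b"\0")

    def delete_file(self, name):
        """'Simple deletion': drop the allocation entry, leave the blocks alone."""
        self.free.extend(self.fat.pop(name))


def scavenge(disk, needle):
    """Data-scavenging tool: ignores the FAT and scans every addressable block."""
    return [i for i, blk in enumerate(disk.blocks) if needle in blk]


def overwrite_all(disk, rng=os.urandom):
    """Clearing by overwrite: every addressable location, not just the FAT,
    is replaced with random data."""
    disk.blocks = [rng(BLOCK_SIZE) for _ in range(BLOCK_COUNT)]
    disk.fat = {}
    disk.free = list(range(BLOCK_COUNT))


def verify_cleared(disk, original_blocks):
    """Post-overwrite check: none of the original block contents survive."""
    return not any(blk in disk.blocks for blk in original_blocks)


def demo():
    """Walk the three states: written, deleted (still recoverable), cleared."""
    disk = ToyDisk()
    memo = (b"INTERNAL DISCIPLINARY LETTER - employee 4711 - "   # constructed
            b"final written warning, do not circulate outside HR")
    disk.write_file("memo.txt", memo)
    original_blocks = [disk.blocks[i] for i in disk.fat["memo.txt"]]

    disk.delete_file("memo.txt")
    found_after_delete = scavenge(disk, b"DISCIPLINARY")

    overwrite_all(disk)
    found_after_clear = scavenge(disk, b"DISCIPLINARY")
    return {
        "blocks_used": len(original_blocks),
        "recoverable_after_delete": bool(found_after_delete),
        "recoverable_after_clear": bool(found_after_clear),
        "verified_cleared": verify_cleared(disk, original_blocks),
    }


if __name__ == "__main__":
    print(demo())
```

The verification step is the part a practitioner should not skip: an overwrite tool can only reach locations the host can address, so a read-back of the media after the pass is what turns "we ran the tool" into evidence. Spare and remapped sectors that the host cannot address are one reason the quoted text keeps purging as a separate, stronger level.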
Purging
Purging information is a media sanitization process that protects the
confidentiality of information against a laboratory attack. For some
media, clearing media would not suffice for purging. However, for ATA
disk drives manufactured after 2001 (over 15 GB) the terms clearing and
purging have converged. A laboratory attack would involve a threat with
the resources and knowledge to use nonstandard systems to conduct data
recovery attempts on media outside their normal operating environment.
This type of attack involves using signal processing equipment and
specially trained personnel. Executing the firmware Secure Erase command
(for ATA drives only) and degaussing are examples of acceptable methods
for purging. Degaussing of any hard drive assembly usually destroys the
drive as the firmware that manages the device is also destroyed.
Degaussing is exposing the magnetic media to a strong magnetic field in
order to disrupt the recorded magnetic domains. A degausser is a device
that generates a magnetic field used to sanitize magnetic media.
Degaussers are rated based on the type (i.e., low energy or high energy)
of magnetic media they can purge. Degaussers operate using either a
strong permanent magnet or an electromagnetic coil. Degaussing can be an
effective method for purging damaged media, for purging media with
exceptionally large storage capacities, or for quickly purging
diskettes. Degaussing is not effective for purging nonmagnetic media,
such as optical media [compact discs (CD), digital versatile discs
(DVD), etc.]. [SP 800-36, Guide to Selecting Information Security
Products]
-- National Institute of Standards and Technology, NIST Special
Publication 800-88
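The Purging text above names the firmware Secure Erase command, for ATA drives only, as an acceptable purge method. The following is an added example, not text or code from NIST SP 800-88 or from this page, of the pre-flight a practitioner runs before issuing it on Linux. It assumes hdparm as the front end (the page names no tool): it parses the Security section of `hdparm -I`, refuses to proceed when the drive reports no security feature set, is frozen, is locked, or already has a password set, and otherwise builds the set-password and erase commands, preferring enhanced erase when the drive advertises it. The two sample outputs, the device path and the password are constructed for illustration.

```python
"""Pre-flight for the ATA Secure Erase firmware command via hdparm on Linux.

Added example, not from NIST SP 800-88 or the page quoting it. hdparm is an
assumption (the page names no tool); the device path, password and the two
sample `hdparm -I` Security sections below are constructed for illustration.
"""
import re
import subprocess

# Constructed: Security section as printed by `hdparm -I` for an ATA drive
# that supports the security feature set and enhanced erase, and is not frozen.
SAMPLE_READY = (
    "Security: \n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\tnot\tenabled\n"
    "\tnot\tlocked\n"
    "\tnot\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\t\tsupported: enhanced erase\n"
    "\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n"
)
# Constructed: the same drive after the BIOS issued SECURITY FREEZE LOCK.
SAMPLE_FROZEN = SAMPLE_READY.replace("\tnot\tfrozen\n", "\t\tfrozen\n")


def parse_security(hdparm_output):
    """Return the drive's security flags, or None if no Security section exists."""
    parts = hdparm_output.split("Security:", 1)
    if len(parts) < 2:
        return None          # not an ATA drive, or no security feature set
    body = parts[1]
    flags = {}
    for key in ("enabled", "locked", "frozen"):
        # hdparm prints "\tnot\tfrozen" when clear and "\t\tfrozen" when set
        m = re.search(r"^\t(not|)\t%s\s*$" % key, body, re.M)
        flags[key] = bool(m) and m.group(1) == ""
    flags["supported"] = re.search(r"^\t\tsupported\s*$", body, re.M) is not None
    flags["enhanced"] = "supported: enhanced erase" in body
    return flags


def plan_secure_erase(hdparm_output, dev="/dev/sdX", password="NULL"):
    """Return (commands, reason). commands is empty when the erase must not run."""
    f = parse_security(hdparm_output)
    if f is None or not f["supported"]:
        return [], "security feature set not reported: not ATA, use another purge method"
    if f["frozen"]:
        return [], "drive is frozen (usually by the BIOS): suspend/resume or hot-plug, re-check"
    if f["locked"]:
        return [], "drive is locked: unlock with the existing password first"
    if f["enabled"]:
        return [], "a user password is already set: erase must be issued with that password"
    erase = "--security-erase-enhanced" if f["enhanced"] else "--security-erase"
    commands = [
        # the erase command is only accepted once a user password has been set
        ["hdparm", "--user-master", "u", "--security-set-pass", password, dev],
        ["hdparm", "--user-master", "u", erase, password, dev],
    ]
    return commands, "ready: " + erase


def run_plan(commands, dry_run=True):
    """Print each command; execute it only when dry_run is False. Returns what ran."""
    ran = []
    for cmd in commands:
        print(" ".join(cmd))
        if not dry_run:
            subprocess.run(cmd, check=True)
        ran.append(cmd)
    return ran


if __name__ == "__main__":
    for sample in (SAMPLE_READY, SAMPLE_FROZEN):
        cmds, why = plan_secure_erase(sample, dev="/dev/sdb")
        print(why)
        run_plan(cmds)          # dry run: nothing is erased
```

The frozen state is the usual surprise: many BIOSes freeze the security feature set at boot, and the erase command is rejected until the drive is re-initialised. The plan also deliberately refuses drives that do not advertise the feature set, matching the quoted text's "for ATA drives only". As with overwriting, read back a sample of the drive after the command completes before releasing the media.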
Destroying
Destruction of media is the ultimate form of sanitization. After
media are destroyed, they cannot be reused as originally intended.
Physical destruction can be accomplished using a variety of methods,
including disintegration, incineration, pulverizing, shredding, and
melting. If destruction is decided upon due to the high security
categorization of the information or due to environmental factors, any
residual medium should be able to withstand a laboratory attack.
* Disintegration, Incineration, Pulverization, and Melting. These
sanitization methods are designed to completely destroy the media. They
are typically carried out at an outsourced metal destruction or
incineration facility with the specific capabilities to perform these
activities effectively, securely, and safely.
* Shredding. Paper shredders can be used to destroy flexible media such
as diskettes once the media are physically removed from their outer
containers. The shred size of the refuse should be small enough that
there is reasonable assurance in proportion to the data confidentiality
level that the information cannot be reconstructed. Optical mass storage
media, including compact disks (CD, CD-RW, CD-R, CD-ROM), optical disks
(DVD), and magneto-optic (MO) disks must be destroyed by pulverizing,
crosscut shredding or burning.
Destruction of media should be conducted only by trained and authorized
personnel. Safety, hazmat, and special disposition needs should be
identified and addressed prior to conducting any media destruction.
-- National Institute of Standards and Technology, NIST Special
Publication 800-88