
This chapter is from the book


Data Remanence and Decommissioning

Object reuse must be carefully considered because information may remain on a hard disk or any other type of media after it appears to have been erased. Deleting a file, reformatting a partition, or performing a single quick erase typically leaves the underlying data in place. Data remanence is the residual data that remains on a storage device after an erase operation. Sanitization is the process of removing all identified content such that no data remnants can be recovered, even with laboratory techniques. The CISSP exam will expect you to understand the differences between the various sanitization methods and which ones leave data potentially recoverable.

Asset disposal must be handled in an approved manner and must be part of the systems development lifecycle. For example, media that has been used to store sensitive or secret information should be physically destroyed. Before systems or data are decommissioned or disposed of, you must understand any existing legal requirements pertaining to records retention. When archiving information, you must consider the method for retrieving the information.

Clearing and purging are the two ways to sanitize hardware that will be reused; destruction is the option when it will not be. Zeroization is a type of clearing. Purging is considered a stronger, permanent form of sanitization, and this chapter treats degaussing and drive wiping as types of purging. Note that NIST SP 800-88 Rev. 1 draws the line differently: it classifies overwriting as a clear technique and reserves purge for degaussing, the drive's built-in secure-erase command, and cryptographic erase. The details of these methods are as follows:

  • Zeroization: This process, which is a type of clearing, is usually associated with cryptographic processes. The term was originally used with mechanical cryptographic devices, which would be reset to zero to prevent anyone from recovering the key. In the electronic realm, zeroization involves overwriting the data (typically key material held in a cryptographic module's memory) with zeros. Zeroization is defined in ANSI X9.17 and is a requirement for cryptographic modules under FIPS 140. Because it is a single overwrite pass rather than a purge, the exam treats data cleared this way as potentially recoverable.

  • Degaussing: This process is used to permanently destroy the contents of a hard drive or other magnetic media. Degaussing exposes the media to a strong magnetic field that penetrates the platters or tape and randomizes (demagnetizes) the magnetic domains, leaving no readable data. The degausser's field strength must exceed the coercivity of the media being sanitized, so check the media's rating against the degausser's; a field too weak for the media leaves data intact. After a modern hard disk has been degaussed it cannot be reused, because the factory-written servo tracks are destroyed along with the data; degaussed tape can generally be reformatted. Degaussing has no effect on flash-based media such as SSDs and USB drives, which store nothing magnetically. The only method more secure than degaussing is physical destruction.

  • Drive wiping: This is the act of overwriting all information on a drive. Drive wiping, which is covered in National Institute of Standards and Technology (NIST) SP 800-88 and in the U.S. Department of Defense (DoD) 5220.22-M National Industrial Security Program Operating Manual (often miscited as 5200.28, which is the Orange Book), allows a drive to be reused. The commonly cited DoD 5220.22-M method overwrites the drive with a character, then its complement, then random data; a seven-pass extension of this scheme is also widely cited. Overwriting is only reliable where every addressable block maps to the same physical location each time, which is true for magnetic disks but not for SSDs, where wear leveling can leave old copies of data in blocks the host can no longer address.

It is common for a storage device to have some remaining amount of information left on it after it has been erased. If the media is going to be reused rather than destroyed, the traditional best practice, and the one this chapter recommends, is to overwrite it with a minimum of seven passes of random ones and zeros. Current NIST SP 800-88 Rev. 1 guidance states that a single overwrite pass with a fixed or random pattern is sufficient for modern magnetic drives, and that overwriting alone is not an acceptable purge method for flash-based storage. Whatever pass count is used, read the media back afterward to verify that the final pattern was actually written everywhere, and record the verification as part of the sanitization evidence.
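The overwrite-and-verify procedure described above, as an added example that is not part of this chapter or the book. It operates on a regular file so that it runs anywhere; on a block device the same logic applies to the device node, which requires root. The pass sequence follows the DoD 5220.22-M character/complement/random pattern, and the read-back check is the verification step. The marker string and file contents are constructed sample data. It assumes magnetic media: on an SSD, wear leveling means the overwritten logical blocks may not be the physical cells that held the data, so the drive's own sanitize command should be used instead.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # 1 MiB write/read granularity

# Pass sequence modelled on the DoD 5220.22-M scheme: a fixed byte, its
# complement, then random data. None means "fill with random bytes".
DOD_3_PASS = (b"\x00", b"\xff", None)


def _overwrite_pass(fd, size, pattern):
    """Write one full pass over the first `size` bytes of the open descriptor."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        buf = secrets.token_bytes(n) if pattern is None else pattern * n
        view = memoryview(buf)
        while len(view) > 0:              # os.write may write fewer bytes than asked
            written = os.write(fd, view)
            view = view[written:]
        remaining -= n
    os.fsync(fd)  # force this pass to stable storage before the next one starts


def overwrite_file(path, passes=DOD_3_PASS):
    """Overwrite every byte of `path` in place, once per entry in `passes`.
    Returns the number of bytes covered by each pass."""
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR)
    try:
        for pattern in passes:
            _overwrite_pass(fd, size, pattern)
    finally:
        os.close(fd)
    return size


def verify_pattern(path, pattern):
    """Read-back check: True if every byte of the file equals the one-byte `pattern`."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return True
            if chunk != pattern * len(chunk):
                return False


def contains_remnant(path, marker):
    """True if `marker` still occurs anywhere in the file.
    Keeps the tail of the previous chunk so a marker spanning a chunk boundary is found."""
    tail = b""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return False
            if marker in tail + chunk:
                return True
            tail = chunk[-(len(marker) - 1):] if len(marker) > 1 else b""


def demo():
    """Constructed sample: a file holding a recognisable secret is wiped, then verified.
    Returns (remnant_before, remnant_after, final_pass_verified)."""
    marker = b"PAYROLL-EXPORT-2019-CONFIDENTIAL"   # hypothetical sensitive content
    data = (marker + b"\n") * 100_000             # ~3.3 MB, spans several chunks
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(data)
        before = contains_remnant(path, marker)                 # True
        overwrite_file(path, passes=(b"\x00", b"\xff"))         # fixed passes so the
        after = contains_remnant(path, marker)                  # final state is checkable
        clean = verify_pattern(path, b"\xff")                   # read-back verification
        return before, after, clean
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

The verification step is the part most often skipped in practice. A wipe tool that reports success without reading the media back gives no evidence that every sector was reached; a drive that silently remapped failing sectors, or an SSD that satisfied the writes from fresh flash pages, will pass the write loop and still hold remnants, which is why NIST SP 800-88 Rev. 1 treats overwriting as insufficient for flash.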

For information deemed too sensitive, assets such as hard drives, media, and other storage devices may need to be destroyed rather than reused. Destruction, which is the strongest form of sanitization, can include disintegration, pulverizing, shredding, incineration, and chemical (acid) baths. Heating magnetic media above its Curie temperature, the point at which the material loses its magnetic properties, is another way to destroy data on platters or tape, but it applies only to magnetic media. A solid-state drive (SSD) stores data as electrical charge in flash cells, not magnetically, so neither degaussing nor Curie-point heating sanitizes it, and overwriting is unreliable because of wear leveling. For an SSD, use the drive's built-in sanitize command (ATA Secure Erase or NVMe Sanitize), cryptographic erase where the drive is self-encrypting, or physical destruction that shreds or pulverizes the media to a particle size small enough to destroy every flash chip.
