
5.4.1.8  Disposal / Destruction

Finding discarded information is called dumpster diving. Silicon Valley dumpsters were famous for what surfaced in the trash. One of your authors, who shall remain nameless, recovered a CPU – hard drive data still intact – one morning, after seeing an overflowing dumpster in a public parking lot along Stevens Creek Boulevard. More dangerous to organizations than the loss of equipment (which they’ve thrown out and presumably don’t want anyway) is the disclosure of confidential information that could occur if the wrong person gets hold of the discarded data. This is much more common than most of us could believe [433].

For tape and floppies, use a degausser on the magnetic media to help get rid of data. Erasing individual files, and even formatting a drive, does not necessarily destroy the data on the drive. Microsoft has a tool for removing hidden data in Word 2003/XP [434].

Bye Bye, For Sure

Send hard copy through a shredder to protect against “dumpster diving” for customer credit card data, employee lists, network address lists, and other current information about your network that an attacker might use to gain access or to impersonate an authorized person who has access.

For magnetic media, the DoD requires overwriting at least 6 times with random patterns for destruction of non-classified data.


Secure erasing is the procedure of writing random byte patterns over the data to change the magnetic information and prevent “un-erasing”. Unless this is done, it is possible to recover the data. The FDISK command destroys only the index of file structures. Think of a library with a manual card file for locating books: destroying the card file does not make the library go away, it just makes things more difficult to find [435].

The only way to be really sure that a hard drive can no longer reveal data is to use a file -- the physical kind -- on the surface of the platters.
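The card-file analogy above can be run as a small model. The following is an added example, not code from the original guide: `ToyDisk`, its method names, the 64-byte sector size and the sample record are all constructed for illustration, and the six passes mirror the figure quoted above.

```python
import os

SECTOR = 64  # constructed toy sector size, not real disk geometry

def sectors_for(n):
    return -(-n // SECTOR)  # ceiling division

class ToyDisk:
    """In-memory stand-in for a drive: index = card file, raw = the shelves."""
    def __init__(self, sectors=16):
        self.raw = bytearray(SECTOR * sectors)
        self.index = {}      # file name -> (first sector, length in bytes)
        self.next_free = 0

    def write_file(self, name, data):
        lo = self.next_free * SECTOR
        self.raw[lo:lo + len(data)] = data
        self.index[name] = (self.next_free, len(data))
        self.next_free += sectors_for(len(data))

    def delete(self, name):
        del self.index[name]             # ordinary erase: index entry only

    def wipe_index(self, _name=None):
        self.index.clear()               # FDISK/format analogue: card file
        self.next_free = 0               # gone, sectors untouched

    def secure_erase(self, name, passes=6):
        start, length = self.index.pop(name)
        lo = start * SECTOR
        hi = lo + sectors_for(length) * SECTOR   # whole sectors, slack included
        for _ in range(passes):
            self.raw[lo:hi] = os.urandom(hi - lo)

    def recoverable(self, needle):
        return needle in self.raw        # scan raw sectors, ignoring the index

def run_demo():
    secret = b"ACCT 0000-0000 J. Doe (constructed sample record)"
    out = {}
    for method in ("delete", "wipe_index", "secure_erase"):
        disk = ToyDisk()
        disk.write_file("customers.txt", secret)
        getattr(disk, method)("customers.txt")
        out[method] = disk.recoverable(secret)   # True = data still on disk
    return out

if __name__ == "__main__":
    print(run_demo())
```

The model has no remapped sectors, backup copies or filesystem journals, so on real hardware an overwrite only helps if it reaches every physical location where the data was stored.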


 __________________

433. http://simson.net/clips/2003.CSO.04.Hard_disk_risk.htm

434. http://www.microsoft.com/downloads/details.aspx?familyid=144e54ed-d43e-42ca-bc7b-5446d34e5360&displaylang=en

435. http://www.infoworld.com/article/04/02/06/06FEdispose_1.html


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.