Disposal Flashcards
EOL
The first requirement in the secure disposal of software and its related data and documents is that an End-of-Life (EOL) policy has been established.
NIST Special Publication 800-30
The Risk Management Guide for Information Technology Systems prescribes that risk management activities be performed for system components that will be disposed of or replaced, to ensure that the hardware and software are properly disposed of.
The EOL policy must provide
The conditions in which systems and software must be securely disposed of and provide guidance on how to accomplish this objective.
An EOL Policy must in general contain
Sun-setting criteria; a notice of all the hardware and software that are being discontinued or replaced; the duration of support for technical issues; recommendations and alternatives for migration and transition; the duration of time for which maintenance releases, workarounds, patches and upgrades will be released and supported; contract renewal terms in the case of licensed software.
Sun-setting criteria
Sun-setting criteria provide guidance as to when a particular product (software, or the hardware on which the software runs) must be disposed of or replaced.
EOL processes
The series of technical and business milestones and activities which, when complete, make the hardware or software obsolete and no longer produced, sold, improved, repaired, maintained or supported. They also ensure that any related artifacts, such as data on media and, in the case of software, code and documents, are securely disposed of.
Sanitization
The process of removing information from media such that data recovery and disclosure is not possible.
The three most common means of media sanitization include:
Clearing, Purging and Destroying.
Disposal
The act of discarding media without giving any consideration to sanitization.
Clearing
The process of sanitizing media by using software or hardware products that overwrite the logical (e.g., file allocation tables) and addressable storage space on the media with non-sensitive random data. It can leave data remanence.
Data remanence
When data remains as residual information upon clearing.
Purging
The process of sanitizing media by rendering the data unrecoverable. Examples for magnetic media are degaussing and executing the Secure Erase command on ATA drives.
Degaussing
The process of reducing the magnetic flux of the media to virtually zero by applying a reverse magnetizing field.
Destroying or Destruction
The process of ensuring that the media can no longer be reused as originally intended and the recovery of data from the media is virtually impossible or prohibitively costly.
Laboratory attack
An attack in which specially trained and skilled threat agents use non-standard resources and systems to perform data recovery on media outside of its normal operating settings.