Disposal Flashcards

1
Q

EOL

A

The first requirement in secure disposal of software and its related data and documents is that there is an End-of-Life (EOL) policy that is established.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

NIST Special Publication 800-30

A

Risk Management Guide for Information Technology Systems prescribes that risk management activities need to be performed for system components that will be disposed or replaced to ensure that the hardware and software are properly disposed of.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The EOL policy must provide

A

The conditions in which systems and software must be securely disposed of and provide guidance on how to accomplish this objective.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An EOL Policy must in general contain

A

Sun-setting criteria; A notice of all the hardware and software that are being discontinued or replaced; The duration of support for technical issues; Recommendation and alternatives for migration and transition; The duration of time when maintenance releases, workarounds and patches and upgrades will be released and supported; Contract renewal terms in cases of licensed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Sun-setting criteria

A

Sun-setting criteria provide guidance as to when a particular product (software or the hardware on which the software runs) must be disposed or replaced.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

EOL processes

A

Are the series of technical and business milestones and activities, which when complete make the hardware or software obsolete and no longer produced, sold, improved, repaired, maintained or supported. It also ensures that any related artifacts such as data in media, code and documents in the case of software are securely disposed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Sanitization

A

The process of removing information from media such that data recovery and disclosure is not possible.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The three most common means of media sanitization include:

A

Clearing, Purging and Destroying.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Disposal

A

The act of discarding media without giving any considerations to sanitization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Clearing

A

The process of sanitizing media by using software or hardware products that overwrite logical (e.g., file allocation tables) and addressable storage space on the media with non-sensitive random data. it can left data remanence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Data remanence

A

When data remains as residual information upon clearing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Purging

A

The process of sanitizing media by rendering the data into an unrecoverable state. E.g. magnetic media are
degaussing and executing the Secure Erase command in ATA drives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Degaussing

A

The process of reducing the magnetic flux of the media to virtual zero by applying a reverse magnetizing field.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Destroying or Destruction

A

The process of ensuring that the media can no longer be reused as originally intended and the recovery of data from the media is virtually impossible or prohibitively costly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Laboratory attack

A

Where specially trained and skilled threat agents use

non-standard resources and systems to perform data recovery on media outside of their normal operating settings.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The different techniques that can be used for physically destroying media for sanitization purposes are:

A

Disintegration; Pulverization; Melting; Incineration or Burning; Shredding.

17
Q

NIST’s special publication 800-88

A

Guidelines for Media Sanitization

18
Q

Data Sanitization and Decision Flow - Data Low and Leaving organizanitation - which sanitization method

A

Purge

19
Q

Data Sanitization and Decision Flow - Data Low and NOT Leaving organizanitation - which sanitization method

A

Clear

20
Q

Data Sanitization and Decision Flow - Data Moderate/High and NOT reuse media - which sanitization method

A

Destroy

21
Q

Data Sanitization and Decision Flow - Data Moderate and Leaving organization - which sanitization method

A

Purge

22
Q

Data Sanitization and Decision Flow - Data High and NOT Leaving organization - which sanitization method

A

Destroy