Page 712 - StudyBook.pdf
P. 712

696    Chapter 12 • Operational and Organizational Security: Policies and Disaster Recovery

                 When files, records, or paperwork are destroyed, a policy dealing with disposal
             and destruction of data should be used. Such a policy can also be referred to when
             determining what to do with data that is destroyed daily, such as forms that are
             incorrectly filled out or corporate memos that are read but no longer needed.This
             policy provides clear guidelines of how an organization expects this material to be
             discarded.
                 Data can be destroyed in a number of ways, with some being more effective
             than others. If data is simply deleted, any number of data recovery or computer
             forensic tools can be used to restore the data. Even formatting the hard disk is not a
             suitable solution, when you consider that certain tools and data recovery methods
             can still access the data.The only way to be certain that data cannot be recovered
             using software solutions is to overwrite it with other data.
                 Disk erasing software wipes the disk clean by erasing all of the files and over-
             writing the disk space with a series of ones and zeros. In doing so, every sector of
             the disk is overwritten, making the data unrecoverable. If anyone attempted to
             recover data on the disk, they wouldn’t be able to retrieve anything because the
             data is completely destroyed.



              TEST DAY TIP

                  Data stored on magnetic media such as floppy disks and backup tapes
                  can be effectively destroyed by using a degausser, which is also called a
                  bulk demagnetizer.




                 A degausser or bulk demagnetizer is hardware that can be used to destroy data
             stored on magnetic media such as floppy disks and backup tapes.A degausser is a
             powerful magnet that erases all data from magnetic media so that no one can
             retrieve information from it. Hard disks can also have data erased with a degausser,
             performing a low level format that erases all data from the disk.
                 If there are concerns over particularly sensitive information being seen by out-
             side sources, an additional measure of security is physically scarring or destroying
             the media. For floppy disks and backup tapes, this involves shredding the media
             into pieces. For hard disks, you would open the hard drive, remove the platter
             inside, and physically scar or destroy it.Acid can also be used to destroy magnetic
             media.
                 In addition to addressing data stored on computers, it is also important that
             your policy address hard (printed) copies of data. Printed materials can still be



          www.syngress.com
   707   708   709   710   711   712   713   714   715   716   717