NIST Guidelines for Media Sanitization (Draft)
NIST raises an important topic. Every organization needs a process to
properly dispose of hardware and media. Without one, sensitive information
can leak outside the organization.
Hard drives in particular must be thoroughly wiped or destroyed. They can
store large volumes of data. Deleting files only removes data pointers. The
data remains on the disk. Hardware donated to schools may be turned over to
PC wholesalers and sold on eBay
(http://www.informationweek.com/news/showArticle.jhtml?articleID=177105357).
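
The point above, that deleting a file removes only the pointer while the data stays on the disk, shown as an added example that is not part of the original post. The toy disk layout, the file name and the sample record are constructed for illustration; the model overwrites every sector and then runs a verification pass.

```python
SECTOR = 512  # bytes per sector in this constructed toy disk


class ToyDisk:
    """Constructed model: a directory of pointers plus a raw sector array."""

    def __init__(self, sectors=16):
        self.raw = bytearray(sectors * SECTOR)
        self.directory = {}   # file name -> (first sector, length in bytes)
        self.next_free = 0

    def write_file(self, name, data):
        start = self.next_free
        needed = -(-len(data) // SECTOR)          # round up to whole sectors
        if (start + needed) * SECTOR > len(self.raw):
            raise ValueError("toy disk is full")
        self.raw[start * SECTOR:start * SECTOR + len(data)] = data
        self.directory[name] = (start, len(data))
        self.next_free = start + needed

    def delete_file(self, name):
        # An ordinary delete: only the pointer goes away, sectors are untouched.
        del self.directory[name]

    def overwrite_all(self):
        # Sanitize by overwriting every sector, allocated or not.
        self.raw[:] = bytes(len(self.raw))


def residual_sectors(disk):
    """Verification pass: indices of sectors that still hold non-zero bytes."""
    return [i for i in range(len(disk.raw) // SECTOR)
            if any(disk.raw[i * SECTOR:(i + 1) * SECTOR])]


def demo():
    record = b"CONSTRUCTED-SAMPLE payroll record 0001"   # made-up test data
    disk = ToyDisk()
    disk.write_file("payroll.txt", record)
    disk.delete_file("payroll.txt")
    listed = "payroll.txt" in disk.directory             # False: pointer gone
    recoverable = record in bytes(disk.raw)              # True: data remains
    leftover_before = residual_sectors(disk)             # [0]
    disk.overwrite_all()
    return listed, recoverable, leftover_before, residual_sectors(disk)


if __name__ == "__main__":
    print(demo())   # (False, True, [0], [])
```
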
This NIST document is well worth reading. Here are a few highlights that
interested me:
* Emerging storage technology (e.g. data stored on light-sensitive crystals
with estimated access time of 1 GB per second)
* Methods to securely dispose of data (using programs and physical methods
of destruction)
* Recommendations for sanitizing: paper, cell phones, PDAs, network
routers, copy machines, fax machines, floppy disks, hard drives, zip disks,
magnetic tapes, CDs, DVDs, memory, magnetic cards, etc.
* Suggestions for home users and telecommuters
Consider adding this document to your operations guide as a reference for
properly sanitizing hardware and media.
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
If you like the document and have something to add, please reach out to
NIST and share your thoughts (media-sanitize@...).
Kind regards,
Gideon
Gideon T. Rasmussen
CISSP, CISA, CISM, SCSA
Charlotte, NC
gideon@...
http://www.ussecurityawareness.org
http://www.gideonrasmussen.com
Posted: Wed Feb 8, 2006 3:28 am
Copyright © 2002 - 2007 Gideon T. Rasmussen All Rights Reserved.