Download Electronic Media Disposal - University of South Florida

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
Document related concepts

Data vault modeling wikipedia , lookup

Business intelligence wikipedia , lookup

Information privacy law wikipedia , lookup

Open data in the United Kingdom wikipedia , lookup

Audience measurement wikipedia , lookup

Disk formatting wikipedia , lookup

Transcript 
Security Procedures
Last Modified: 8/2/2010
Electronic Media Disposal
(ISSP-009)
Introduction
Restricted data, such as proprietary information and student information, may reside on various
types of media throughout the University. Due to technological advancements, simple deletion or
formatting does not provide enough protection of restricted data. Deleted files usually will remain
on the media for long periods of time, and many software tools are now available to recover such
data. Many state and federal regulations may also require the removal of information from
electronic media be made in a secure fashion.
For more detailed information please refer to NIST special pulblication 800-88: Guideline for
media sanitation. http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
This document provides procedures to be followed to ensure the proper removal of such data
when the media containing the data will be:





Transferred to another person or unit within the University
Declared as surplus property
Donated
Is no longer functional, or
Retention of the data is no longer required by the State Record Retention Schedules
Scope
This document applies to all electronic media containing USF restricted data, per ISSP-001. If the
media content cannot be determined with certainty the equipment must be handled as if it
contained restricted data.
Electronic media is defined by any electronic medium used to store information such as Hard
Drives, Backup Tapes, thumb drives, CDROMS, and Floppy Disks.
Procedure
If media containing data, or a device housing such media, will be transferred to another unit (USF
affiliated or not) or has been declared as surplus property the data on that media must be
removed prior to releasing the media.
Please note: once destroyed in the manner described below, these files cannot be
recovered. The University and/or the Information Security Workgroup are not responsible
for unwanted effects the use of this software may cause. Do not use the methods
described below unless you are certain the data will no longer be needed.
Overwriting the Data
In order to prevent recovery, the one of the options is to overwrite the space previously occupied
by the restricted data. The tool used may depend on the operating system used and the amount
of data to be overwritten.
Overwriting Single Files
One of the options for single file/unused disk space overwriting is a GNU Public License (GPL)
file called Eraser. The software can be obtained at http://www.heidi.ie/eraser/ and it supports a
Electronic Media Disposal
University of South Florida
Security Procedures
Last Modified: 8/2/2010
variety of Operating Systems. Eraser can be used, for instance, to effectively erase an Excel
spreadsheet file containing restricted student data.
Overwriting the Entire Media
When a computer is being surplused or donated it is often necessary to wipe the contents of the
entire disk. This can be a long and tedious process. Darik’s Boot and Nuke is an application
which includes several overwriting methods, supports a great variety of PC hardware, and can be
used as a boot disk, as the name suggests. Administrators can download an image from
http://dban.sourceforge.net/ and burn a boot disk. Because it works as a boot disk, the software is
Operating System independent. It will work on any Intel/AMD machine.
Degaussing
Degaussing is the application of a strong magnetic field to a magnetic media storage device in
order to effectively erase its contents. Bulk erasers or degaussers are used to perform such a
task. These equipments are ideal to erase backup tapes and other standalone magnetic media,
since they do not require the media to be powered during the process. Much like Darik’s Boot and
Nuke, a degausser will erase the entire content of the media. Media wiped clean by a degausser
can most of the time be reused. All degaussing technologies should be tested when using a
medium type to make sure the degaussing device works with the particular type of medium. For
example CDROMS do not work with degaussing technology at all.
Physical Destruction of Media
Physical destruction of the media may be the ultimate solution. In the same manner credit cards
may be shredded to avoid credit theft, faulty media containing restricted data must be physically
destroyed whenever possible. Destruction can be as simple as unraveling and cutting up old tape
reels, tearing up and splitting floppy disks, or putting CDROMs through a shredder. It is usually a
much quicker process than overwriting data, and when done properly just as effective
Hiring a Third Party
Due to the time investment required to process the media, it may be advantageous to hire a thirdparty record management and destruction company to perform the media wipe. If that’s the case,
the vendor must provide
 a written statement explaining the procedure,
 include a time estimate in which the media will be stored awaiting processing, and
 a statement assuming responsibility over the confidentiality of the data while under their
possession.
Vendors and Equipment Maintenance
Maintenance and warranty contracts frequently require failed media to be returned to the vendor.
Any such vendor must provide a written statement containing an assurance that any data on
failed media will be purged in accordance with this policy.
Electronic Media Disposal
University of South Florida
Related documents
BAB 2 BASIC OPERATING SYSTEM CONCEPT
BAB 2 BASIC OPERATING SYSTEM CONCEPT
2.1 Input Output Control System
2.1 Input Output Control System
Operating- System Structures
Operating- System Structures
Helpful Questions in Identifying System Constraints
Helpful Questions in Identifying System Constraints
Operating- System Structures
Operating- System Structures
Operating Systems
Operating Systems
Tutorail-two-with
Tutorail-two-with
Abstract View of System Components
Abstract View of System Components
Operating Systems
Operating Systems