A smoke photoelectric detector detects what?
A: The infrared light emitted from a fire.
B: A change in the light indicating higher particle density.
C: A rise in temperature indicating a fire.
D: If the light is off in the data center.
CBK 3: Security Engineering
Source: ThorTeaches.com practice tests
B: Smoke Detectors: Photoelectric detectors use an LED (Light Emitting Diode) and a photoelectric sensor that produces a small charge while receiving light. The alarm triggers when smoke or any higher particle density interrupts the light.
When we no longer need a piece of media, we must dispose of it in a manner that ensures the data can’t be retrieved. This pertains to both electronic media and paper copies of data.
- Paper disposal.
  - It is highly encouraged to dispose of ANY paper with any data on it in a secure manner.
  - Paper disposal also has standards, and cross shredding is recommended.
  - It is easy to scan normal shreds and have a program re-assemble the documents.
- Digital disposal – The digital disposal procedures are determined by the type of media.
  - Deleting, Formatting and Overwriting (Soft destruction):
    - Deleting a file just removes it from the table; everything is still recoverable.
    - Formatting does the same, but it also puts a new file structure over the old one. Still recoverable in most cases.
    - Overwriting is done by writing 0’s or random characters over the data.
      - As far as we know, there is no tool available that can recover data after even a single-pass overwrite (overwriting is not possible on damaged media).
  - Degaussing destroys magnetic media by exposing it to a very strong magnetic field.
    - This will also most likely destroy the media integrity.
  - Full physical destruction is safer than soft destruction:
    - Disk Crushers do exactly what their name implies: they crush disks (often used on spinning disks).
    - Shredders do the same thing as paper shredders do; they just work on metal.
      - These are rare to have at normal organizations, but you can buy the service.
    - Incineration, pulverizing, melting and acid are also (very rarely) used to ensure full data destruction.
  - It is common to do multiple types of data destruction on sensitive data (both degaussing and disk crushing/shredding).
    - While it may not be necessary, it is a lot cheaper than a potential $1,000,000 fine or loss of proprietary technology or state secrets.
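The difference between deleting, formatting and overwriting in the list above, as an added example that is not part of the original notes. `ToyVolume`, its file table, the file name and the sample record are all constructed for illustration (an in-memory model, not a real filesystem); `recoverable` stands in for a recovery tool that ignores the table and scans the raw media.

```python
# Toy model, constructed for illustration: raw media bytes plus a file table.
import os
BLOCK = 512

class ToyVolume:
    def __init__(self):
        self.raw = bytearray(64 * BLOCK)   # the media itself
        self.table = {}                    # file table: name -> (offset, length)
        self.next_free = 0

    def write_file(self, name, data):
        off = self.next_free
        self.raw[off:off + len(data)] = data
        self.table[name] = (off, len(data))
        self.next_free = off + -(-len(data) // BLOCK) * BLOCK  # round up to a block

    def delete(self, name):
        """Delete: drop the table entry only; the data bytes stay on the media."""
        del self.table[name]

    def quick_format(self):
        """Format: put a new, empty file structure over the old one."""
        self.table, self.next_free = {}, 0

    def overwrite(self, name, random_fill=False):
        """Overwrite: one pass of 0's (or random bytes) over the data, then delete."""
        off, length = self.table[name]
        span = -(-length // BLOCK) * BLOCK  # whole blocks, so slack space is covered
        self.raw[off:off + span] = os.urandom(span) if random_fill else bytes(span)
        del self.table[name]

def recoverable(volume, secret):
    """Scan the raw media for the content, ignoring the file table."""
    return secret in volume.raw

def demo(secret=b"PAYROLL: constructed sample record"):
    ops = {"delete": lambda v: v.delete("payroll.csv"),
           "format": lambda v: v.quick_format(),
           "overwrite": lambda v: v.overwrite("payroll.csv")}
    results = {}
    for label, op in ops.items():
        vol = ToyVolume()
        vol.write_file("payroll.csv", secret)
        op(vol)
        results[label] = recoverable(vol, secret)  # True = data still on the media
    return results

if __name__ == "__main__":
    print(demo())
```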
Data, System, Mission Ownership, Custodians and Users:
Each role has unique responsibilities for keeping the data safe.
- Mission/Business Owner:
  - Senior executives make the policies that govern our data security.
- Data/Information Owner:
  - Management level; they assign sensitivity labels and backup frequency.
  - This could be you or a Data Owner from HR, Payroll or other departments.
- System Owner:
  - Management level and the owner of the systems that house the data.
  - Often a Data Center Manager or an Infrastructure Manager.
- Data Custodian:
  - These are the technical hands-on employees who do the backups, restores, patches, system configuration.
  - They follow the directions of the Data Owner.
- Users:
  - These are the users of the data.
  - Users must receive awareness training; they need to know what is acceptable and what is not acceptable, and the consequences for not following the policies, procedures and standards.
- Data Controllers and Data Processors:
  - Controllers create and manage sensitive data in the organization (HR/Payroll).
  - Processors manage the data for Controllers (Outsourced Payroll).
We need to protect our data as well as we can, regardless of where it is and whether it is in use or not.
- Data has 3 States: We want to protect it as well as we can in each state.
  - Data at Rest (Stored Data):
    - This is data on Disks, Tapes, CDs/DVDs, USB Sticks.
    - We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs).
    - Encryption can be Hardware or Software Encryption.
  - Data in Motion (Data being transferred on a Network):
    - We encrypt our network traffic with end-to-end encryption, on both internal and external networks.
  - Data in Use (We are actively using the files/data; it can’t be encrypted):
    - Use good practices: Clean Desk policy, Print Policy, Allow no ‘Shoulder Surfing’, maybe the use of view angle privacy screen for monitors, locking computer screen when leaving workstation.