The ThorTeaches CISSP, CISM, and CC blog!


CISSP certification: Data disposal.

Data Destruction:

When we no longer need a piece of media, we must dispose of it in a manner that ensures the data can’t be retrieved. This pertains to both electronic media and paper copies of data.

  • Paper disposal.
    • It is highly encouraged to dispose of ANY paper with any data on it in a secure manner.
    • Paper disposal also has standards, and cross-cut shredding is recommended.
    • It is easy to scan normal shreds and have a program re-assemble the documents.
  • Digital disposal – The digital disposal procedures are determined by the type of media.
    • Deleting, Formatting and Overwriting (Soft destruction):
      • Deleting a file just removes its entry from the file table; the data itself is still recoverable.
      • Formatting does the same but it also puts a new file structure over the old one. Still recoverable in most cases.
      • Overwriting is done by writing 0’s or random characters over the data.
        • As far as we know, there is no tool available that can recover data after even a single-pass overwrite (overwriting is not possible on damaged media).
    • Degaussing destroys magnetic media by exposing it to a very strong magnetic field.
    • Full physical destruction is safer than soft destruction:
      • Disk Crushers do exactly what their name implies: they crush disks (often used on spinning disks).
      • Shredders do the same thing as paper shredders; they just work on metal.
        • These are rare to have at normal organizations, but you can buy the service.
      • Incineration, pulverizing, melting and acid are also (very rarely) used to ensure full data destruction.
  • It is common to do multiple types of data destruction on sensitive data (both degaussing and disk crushing/shredding).
  • While it may not be necessary, it is a lot cheaper than a potential $1,000,000 fine or loss of proprietary technology or state secrets.
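
The overwriting step described above, as an added example (not code from the original page): a single-pass zero or random overwrite of one file, read back and verified before the file is deleted. The function names are hypothetical, and it assumes a file system that writes the new bytes in place over the old ones.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB blocks so large files do not fill memory


def overwrite_file(path, random_fill=False):
    """Single-pass overwrite of a file's contents in place; returns bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as f:          # r+b: modify in place, do not truncate
        while written < size:
            n = min(CHUNK, size - written)
            f.write(os.urandom(n) if random_fill else b"\x00" * n)
            written += n
        f.flush()
        os.fsync(f.fileno())              # push the new bytes out of OS caches
    return written


def verify_zeroed(path):
    """Read the file back and confirm every byte is 0x00."""
    with open(path, "rb") as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                return True
            if block.count(0) != len(block):
                return False


def sanitize_and_delete(path):
    """Overwrite with zeros, verify the result, and only then delete the file."""
    overwrite_file(path)
    if not verify_zeroed(path):
        raise RuntimeError("verification failed; do not treat as sanitized")
    os.remove(path)
    return True


def demo():
    # Constructed sample data standing in for a sensitive file.
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"constructed sample record: account=0000 " * 1000)
    size = os.path.getsize(path)
    assert overwrite_file(path) == size and verify_zeroed(path)
    return sanitize_and_delete(path) and not os.path.exists(path)


if __name__ == "__main__":
    print("sanitized and deleted:", demo())
```

If the overwrite or the verification raises an error, for example on damaged media, the file is left in place so the media can go to degaussing or physical destruction instead.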
