What do we do with data when we are done using it?
How do we dispose of it in a way that ensures there is no data remanence?


In this video, I cover data remanence and data destruction at the level you need for the CISSP exam.

Remember, the CISSP exam is a management-level exam; you need the right point of view to pass the exam.


Transcript:

In this lecture, we are going to talk about what we do when we no longer need certain media.
How do we dispose of it safely and securely?
Remember, 6% of all the threats that we face are from lost or improper disposal.
Out of all our internal threats, that’s almost 20% of them.
We do our due care, we do our due diligence, and we make sure that this is not the weak link in our chain.
And remember, data is data.
It doesn’t matter if it’s on an electronic medium or it is paper or in any other format.
We need to dispose of it properly.
We might have this amazing defense in depth, but then we throw paper out; paper with sensitive data.
If I was an attacker, well, that is where I would look.
So let’s start out with paper disposal.
In most places I have worked, we have had shred bins.
They’re basically trash cans, maybe 4 feet tall, 1 meter and 20 centimeters.
They have a little slot for the paper and then they have a lock on them.
And once every two weeks, whatever we pay for, someone comes from a company and picks them up and disposes of the paper properly.
Some of them do it on site.
Most of the ones I have seen do that.
They take the paper, they put it through the shredder in the truck, and then they bring the containers back.
They give you a piece of paper saying this paper was disposed of properly and you then have that paper trail to prove that you have done what you need to do.
And just like with the storage tapes, we need to make sure they are licensed and bonded to do proper disposal where we are operating as an organization.
Now, if this is something we can’t afford or it’s just not available where your organization is, well then, you still need to dispose of the data.
Here, maybe buy a cross shredder.
Do the same for your home.
Never, ever throw sensitive data out in the trash.
I’m guessing you have seen some of the same movies that I have where someone shreds their papers but they don’t cross shred.
And then someone has 50 or 100 people sitting there going through all that shredded paper and putting it back together.
Which is why I say cross shredding.
So where a paper that got shredded with one of the types they did in the movie would be maybe 50, 60 pieces they need to put back together.
With a cross shredder, maybe it’s 500 or 1,000. Still doable, but much, much less likely.
Which then brings us to digital disposal.
Here, we have many more options of how we destroy the data.
And again, we pick the option that is most appropriate for what we are getting rid of.
And as you can see, this is elephant time.
Meaning, this is an important, important topic because on the exam you might see one of these key words.
You might see purge, well then, you need to know what is different between deletion, purging, sanitation and any of the other options to pick the appropriate answer.
And also know which type of disposal works on which types of media.
If we’re talking about storage tapes, well then, we could technically degauss them or shred them.
If we’re talking about SSD drives, well then, we can’t degauss.
Or if the media is damaged, what if we have a hard disk where we can’t encrypt it or overwrite it?
Well then, we need other controls in place that will compensate for that.
So starting out with deletion.
That is just you deleting your file on whatever system you are on.
Really does nothing.
It removes the file from the table, but the path is still there.
The file is not gone.
It’s not going to stay there forever, but it is going to stay there until that location is overwritten.
The same with formatting.
If you format a hard drive, everything is still there.
It just puts a new file structure over the old one.
Everything here is still in the same location until something is written on top of it.
Which then brings us to overwriting or clearing.
This is done by having a program write all 0s or all 1s or random characters over every bit on the drive.
In most cases that is probably enough.
But there have been cases where people were able to retrieve data from a drive that had been overwritten.
Another pitfall here can be, what do you do when you have a damaged drive?
You can’t overwrite that.
Or if just sectors are damaged, they can still contain valid data and if we can’t overwrite them, well, that data is still there.
We can also choose if the drive is still functional to encrypt the whole drive, even if we do other sanitation later.
It’s just another layer in our defense.
Purging and sanitation are two of the key words I talked about earlier.
Sanitation is where we make the recovery of the data on the drive infeasible for a given level of recovery effort.
What that means is, that if we say at this level of effort, it should be infeasible for them to recover the data.
But if they put in more effort, well, maybe they can.
As you can hear, this does not prevent recovery of data, but it still might be enough.
If the data they are going to get off our drive is worth $10,000 and it’s going to cost them $1 million.
Well then, that makes sense.
I don’t know of any examples where it cost them a million, but that’s not the point.
With data destruction though, it is one of those areas where it’s not super cost effective to cut corners.
So in most places, we probably do what I mentioned earlier.
We have the same disposal profile for everything we get rid of.
In one of the places I worked, it was degaussing for all spinning disks and then disk shredding.
The drives already were encrypted.
For SSD drives, we would just shred them, but the shred would be much finer.
So back to the slide.
Purging is where we remove the sensitive data from the system or the device to a point where it is no longer feasible to recover, even in a laboratory environment.
Meaning, it doesn’t matter how much time and how much money they throw at this, they cannot recover our data.
For data destruction, a common type of that could be degaussing.
And this is what we would use on spinning disks and anything where the data is stored magnetically.
For an SSD drive, this does nothing.
And it is really just a giant electromagnetic field that changes the magnetic charge on the drives.
You’ve seen the movie, right?
This hacker is compromised.
They have to destroy the proof.
They take their hard drive out and they put it in the microwave.
This is just much, much stronger.
Now remember, all this is data destruction.
It will most likely also render the drive unusable.
If we are planning to use the drives again, well then, really, overwriting is the only option.
Which then brings us to disk shredders.
And they are actually very similar to the cross shredders we use for the paper, except they’re giant machines because they have to be able to shred a hard drive.
You can also get them in the form of a disk crusher, where they just crush the disk, they don’t shred it.
They are often much cheaper and much smaller.
You put a disk in, they push multiple metal pins through the disk, breaking it up, crushing it.
Most of the pieces that come out are maybe an inch, maybe two.
That’s 2.5 to 5 centimeters.
And in most cases that is probably fine.
But if it is very sensitive data, we would want to use the shredder.
A disk crusher can be reasonably inexpensive for a company, maybe $5,000 to $10,000.
A disk shredder is probably closer to $45,000.
I think the last one I was involved in buying was $35,000, $40,000.
To some organizations, that’s nothing.
To others, that might be a lot.
In those cases, we could be lucky and have a company that can do it for us.
Just like the paper, they come pick the disks up, give us a receipt and then certify that all these hard drives, all these storage tapes, have been destroyed and we have a full inventory with all the serial numbers.
You could, technically, also use incineration, pulverization, melting, or acid.
I have never heard of anywhere where they actually did this, but I mean, the more you destroy something, the more certain you can be that we have proper data destruction.
And like I said, it is very common to do multiple types of destruction.
At the bank where I worked, we had full disk encryption.
Then we would degauss the disk and then we would crush it.
At the hospital, we did not do the degauss, but everything was fully encrypted, and then we used the shredder.
And for 95% of our digital disposal, this might be overkill.
But it is much, much cheaper to do this and spend the little extra money than it is to lose data that is worth $1 or $10 million.
And yes, I have been the guy that gets handed 400 hard disks where I then have to degauss every single one of them and then crush the hard disks.
That’s a couple of days’ work right there.
Now, if we had had a proper shredder, it would maybe have been an hour or two.
And with that, we are done with this lecture.
I will see you in the next one.