Understanding Data Security - Part II
The guiding principle for deciding what is necessary method or process of data erasure is to ensure that the enemies cost of recovering the data exceeds the value of the data. If the media does not hold confidential information, overwriting or deleting the files may be the appropriate solution.
Media should be clearly marked and logged, its integrity should be verified, and it should be properly erased of data when no longer needed.
Methods of Data Destruction
The following are most commonly used methods of data destruction:
- Delete
- Degauss
- Physical destruction
- Software Overwrite
Delete
When we use all Delete and Format commands (even with switches such as Format C: /D) affect only the File Allocation Table (FAT) and we do not actually erase any data. Until the “deleted” data is overwritten with other data, it still exists and poses a significant danger to an organization. Deleting/formatting data is an extremely ineffective method of data destruction and should be avoided.
Degaussing
When we degauss, the process involves using a machine that produces a strong electromagnetic field to destroy all magnetically recorded data. This process of data destruction may have been effective in the past as a strong electromagnetic field was not needed to destroy data. However, when we use modern hard drives, they use thicker shielding and require a much stronger electromagnetic field in order to ensure a complete erasure. There is no way to guarantee that a particular degassing machine will do a thorough job and therefore poses a security risk.
Physical Destruction
When we use the process of physical destruction, hard drives and other storage media are usually shredded into tiny pieces by large mechanical shredders/machines. This is considered an effective way of destroying data and preventing data. Drilling holes in a hard drive is another method of physical destruction. For us it’s important to remember that mechanical shredding, drilling and hammering don’t actually destroy data but make the drive inoperable preventing data recovery.
Software Overwrite
When we use the software based data destruction process, it involves using a special application or software program to write patterns of meaningless data onto each of the hard drive’s sectors. This process works by overwriting the data with a combination of 1’s and 0’s. The level of security depends on the number of times the entire hard drive is written over. This process is also known as zeroization.
Data Remanence
This is the residual physical representation of the information that was saved and then erased in some fashion. This remanence can be enough to reconstruct the data and restore it to readable form. If the media is reassigned, then an unauthorized individual could gain access to your sensitive data.
Data Recovery
Data recovery is the process or methodology of salvaging or recovering data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally. Often the data are being salvaged from storage media such as internal or external hard disk drives, solid-state drives (SSD), USB flash drive, storage tapes, CDs, DVDs, RAID, and other electronics. Recovery may be required due to physical damage to the storage device or logical damage to the file system that prevents it from being mounted by the host operating system.
Recovery Techniques
Multiple techniques are involved to recover data from physically damaged hardware. We can repair some damage by replacing parts in the hard disk. This can alone make the disk usable, but there could still be logical damage. A specialized disk-imaging procedure is used to recover every readable bit from the surface. Once this image is acquired and saved on a reliable medium, the image can be safely analyzed for logical damage and will possibly allow much of the original file system to be reconstructed.
Data Backup
In Computer Science a backup is defined as the process of backing up, refers to the copying and archiving of computer data so it may be used to restore the original after a data loss event
Data Backup Strategies
- Full / System Imaging
- Incremental
- Differential
Happy learning! We wish you good luck in your "CISM Certification Program" journey!