Security is an enormous concern for both hard-copy and electronic data-storage media. Is shredding important documents good enough? And what’s the equivalent of the paper shredder for electronic media? A new, free “how-to” guide from the National Institute of Standards and Technology (NIST) helps explain the methods available for protecting sensitive or personal data.
Before a used computer, CD, or other data-storage medium is ditched or donated, the information on it should be properly sanitized, according to the new guide from NIST. Information systems store data using a wide variety of media, including “hard” copy, such as paper printouts and facsimile ribbons, and electronic media, including cell phones, CDs or DVDs, and hard drives. Even if stored data supposedly has been deleted, in many cases residual data can be retrieved and reconstructed.
The NIST guide, Guidelines for Media Sanitization, provides information on techniques to remove data from a wide variety of media types and a decision matrix to determine which technique is best. The guide recommends that organizations first determine the confidentiality of the information and then decide how to dispose of the media. Appendices include a glossary and lists of resources, including free software downloads.
The guide describes the three most common methods of sanitizing media:
The guide also recommends that organizations establish an information security governance structure, and describes the security responsibilities of everyone in the organization—from program managers and agency heads to users.
Guidelines for Media Sanitization is available at http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf.