Last reviewed: July 2015
Much sensitive and private information at educational institutions is recorded and maintained outside central information technology systems on various desktop and portable devices and removable media. This information is recorded and maintained by university and college community members, including full- and part-time faculty, administrators, and staff members.
Sensitive data may include information classified by the institution's administration; information protected by laws such as FERPA, HIPAA, GLBA, and state law; information that could lead to identity theft, institutional embarrassment, or loss of personal privacy; and licensed software or restricted intellectual property. Common storage devices and media include desktop, portable, and laptop computers; personal digital assistants (PDAs) and cellular telephones; and removable storage such as CDs, DVDs, floppy disks, ZIP disks, external hard drives, USB drives, and MP3 players.
When these storage and media devices become obsolete or are no longer needed, the sensitive or private data must be effectively removed from the storage media or be destroyed before the devices are recycled, reused, disposed of, or discarded. The removal process is variously called data removal, data/media sanitization, data/media destruction, or similar terms.
Many educational institutions have developed policies on removal of institutional data from obsolete or excess information technology assets. However, until the NIST Guidelines for Media Sanitization were issued in September 2006, little authoritative, comprehensive, and straightforward information and advice on media sanitization was available. As a result, institutions have often chosen ineffective or excessively expensive policy approaches for assets scheduled for recycling, internal or external reuse, or disposal.
For example, some institutions specify simple disk formatting. This approach does not actually destroy the information on the media. Others specify complex and relatively costly Department of Defense procedures, which go far beyond the requirements to defeat any data burglar without sophisticated laboratory equipment and a great deal of disposable time. Others require routine degaussing or total physical destruction in all cases. That approach ignores the actual information value and the actual extent of any risks associated with the stored information, while eliminating any residual device value either within the institution or to external organizations.
Educational institutions are encouraged to carefully re-evaluate their existing policies on media sanitization, or to thoughtfully create such policies if none currently exist, using the NIST Guidelines for Media Sanitization and the practical advice collated here.
The National Institute of Standards and Technology published NIST 800-88 Revision 1, Guidelines for Media Sanitization, in December 2014. This document provides the previously missing authoritative and comprehensive advice and forms the basis for a rational approach to protecting and eliminating sensitive data stored on no longer needed IT assets and media.
The NIST Guidelines identify four types of media sanitization to employ with different data security categories on various types of storage media and devices. The sanitization types, in order of effectiveness and severity, are Disposal, Clearing, Purging, and Destroying.
The sanitization types are hierarchical in that Purging also Clears, while Destroying also Purges and Clears. Full details on the four types of media sanitization are provided in section 2.4 and section 5 of the NIST Guidelines.
The NIST Guidelines, Section 3, covers recommended roles and responsibilities for staff members involved in media sanitization. A detailed process for deciding which type of media sanitization is appropriate in a specific case is laid out in the NIST Guidelines, Section 4.
NIST Guidelines, Appendix A, recommends specific methods to accomplish each type of sanitization for a very broad range of media types and storage devices currently or historically used in information technology. NIST Guidelines, Appendix B, presents a comprehensive glossary, while NIST Guidelines, Appendix C, covers tools and resources. NIST Guidelines, Appendix D, provides advice for home users and telecommuters, and NIST Guidelines, Appendix E, lists technical references.
The NIST Guidelines roles and responsibilities and the decision-making process can map well into higher education institutions. In addition, individual community members can apply the sanitization recommendations in the absence of highly technical support staff.
The decision-making process for how to appropriately sanitize a device or media involves several steps. These include:
To apply the NIST Guidelines most effectively, an institution should have a data classification policy to aid in assessing data sensitivity. The institution's specific classifications can then map into the low, moderate, and high security categories used in the NIST Guidelines' sanitization decision-making process. In addition, the policy should be well publicized so that the institution's community members can either accurately assess data sensitivity themselves or assist a specialist in making an assessment. In practical application, the highest security category of any data stored on the media should apply to the entire media. Section 2.5 of the NIST Guidelines provides a list of considerations for the entire decision-making process.
The assessment of sensitivity and risks should include consideration of issues such as license breaches and intellectual property disclosures, as well as institutional disruption or embarrassment, loss of personal privacy, and identity theft. A knowledgeable and responsible individual should certify the assessment.
Once the Security Category has been assessed, an appropriate media sanitization type should be selected based on the assessment. Then the most cost-effective technique for the media and sanitization type can be implemented. Cost considerations should include any loss of residual value from partial or complete destruction of a reusable data storage asset.
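The selection step described above, sketched as an added example that is not part of the original page or of the NIST Guidelines. The classification labels and the inventory are hypothetical; the Clear/Purge/Destroy branches follow the decision flow in Section 4 of NIST SP 800-88 Revision 1, which also asks whether the media will be reused and whether it is leaving the organization's control.

```python
from enum import IntEnum

class Category(IntEnum):
    LOW = 1
    MODERATE = 2
    HIGH = 3

# Hypothetical institutional labels mapped to the NIST security categories.
CLASSIFICATION_TO_CATEGORY = {
    "public": Category.LOW,
    "internal": Category.MODERATE,
    "restricted": Category.HIGH,
}

def media_category(labels):
    """Highest category of any data on the media applies to the whole media."""
    if not labels:
        raise ValueError("no classification recorded; assess before deciding")
    unknown = sorted(set(labels) - set(CLASSIFICATION_TO_CATEGORY))
    if unknown:
        raise ValueError(f"unmapped classification(s): {unknown}")
    return max(CLASSIFICATION_TO_CATEGORY[label] for label in labels)

def sanitization_type(category, reuse, leaving_control):
    """Minimum sanitization type; a stronger type is always acceptable."""
    if category == Category.LOW:
        return "Purge" if leaving_control else "Clear"
    if not reuse:
        return "Destroy"
    if category == Category.MODERATE:
        return "Purge" if leaving_control else "Clear"
    return "Destroy" if leaving_control else "Purge"  # HIGH

def decide(asset):
    category = media_category(asset["labels"])
    return category.name, sanitization_type(
        category, asset["reuse"], asset["leaving_control"])

# Constructed sample inventory (not real assets).
INVENTORY = [
    {"id": "laptop-01", "labels": ["public", "restricted"],
     "reuse": True, "leaving_control": False},
    {"id": "usb-17", "labels": ["public"], "reuse": True, "leaving_control": True},
    {"id": "zip-disk-03", "labels": ["internal"],
     "reuse": False, "leaving_control": True},
]

if __name__ == "__main__":
    for asset in INVENTORY:
        print(asset["id"], *decide(asset))
```

The result is a floor, not a mandate: because the types are hierarchical, Destruction remains acceptable wherever it is the lowest-cost option.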
For the most common educational institution faculty and staff situations, the assets to be sanitized will be paper; Windows, Macintosh, and Unix desktop and laptop computers; and peripheral devices and media. The computers will have hard drives and solid state storage and typically will also be used with removable media such as floppy disks, ZIP disks, CDs, DVDs, external hard drives, USB drives, and MP3 players. In addition to MP3 players, cellular telephones and PDAs are increasingly becoming sanitization concerns.
Media sanitization by Clearing will likely be sufficient for most common applications in higher education. Some highly sensitive data may require Purging if a potential thief is assumed to have access to laboratory-grade reconstruction facilities. It is likely that only a small fraction of institutional data would require sanitization by Destruction, though that may be selected as the lowest cost alternative. The NIST Guidelines note that for many sorts of media the acts of Purging, Clearing, and/or Destroying may be equivalent. For example, crosscut shredding implements all three sanitization types for paper media.
Consult the NIST Guidelines, Appendix A, for full detail on specific techniques to implement each type of sanitization on various media. The range of media types in the Appendix is quite comprehensive and includes devices such as copiers and fax machines and media such as paper, hard drives of all types, and many varieties of memory. Recommendations based on the appendix for some common cases are included below.
While Clearing or perhaps Purging would be appropriate for most examples of these media types, for normal volumes of magnetic or optical media with any level of sensitive data the most cost-effective data sanitization method may well be Destruction. The residual value of floppy and ZIP disks is low, so Clearing or Purging may not be worth the effort. A cost-effective technique for secure Destruction of office volumes will likely be shredding in a crosscut or diamond-cut office paper shredder designed for optical disk destruction. A commercial provider can shred bulk volumes. Consult the NIST Guidelines, Appendix A, for other alternatives.
To sanitize the disks of these devices by Clearing, an overwriting tool can be used. If your institution has not purchased a standard tool, you can consider a number of open source or freeware tools such as:
Since none of the open source or freeware tools listed above will work with computers running a Macintosh operating system, consider using Jiiva's SuperScrubber, which is a disk sanitization product for the Mac. MIT's Information Services & Technology Department provides examples of additional software options for Windows, Macintosh, and Unix.
To Purge data from devices with modern ATA disk drives, consider using the Secure Erase utility from The University of California at San Diego or secure erase functions in commercial packages or operating systems. You can also use degaussers or degaussing wands, though these will effectively destroy a disk drive by making it permanently unusable. In these cases, physical Destruction may be more cost effective.
To sanitize these memory devices by Clearing, an overwriting tool such as one of those listed above for disks can be used. If Purging is necessary, the devices should be physically destroyed by shredding, disintegrating, pulverizing, or incineration.
For Clearing or Purging, the NIST Guidelines, Appendix A, recommends manually deleting all information and then performing a full manufacturer's reset to factory default settings. It further recommends contacting the manufacturer for current sanitization procedures.
Higher education institutions use many systems that fall outside the most common situations. These include complex systems such as servers, server systems, robust storage systems, and scientific instruments. In addition, there is a good deal of obsolete and outdated equipment still in current use at higher education institutions. Provisions must also be made for equipment returned to manufacturers or sent for repair.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).