Blog Entry

Media Sanitation and ID Work


A recent local conference on informational security in this modern age introduced a new concept. It's that of "media sanitation". I heard about it at a presentation on a different topic and missed the actual presentation on "Cleaning Spells," so I went online and found an informative article by T. Olzak (June 2006). His article "Fundamentals of Storage Media Sanitation" offers a very accessible view of this issue.

The Definition

Olzak cites Scholl, et al.'s 2006 definition of media sanitation as "the general process of removing data from storage media, such that there is reasonable assurance, in proportion to the confidentiality of the data, that the data may not be retrieved and reconstructed."

This author differentiates between "keyboard retrieval" of sensitive materials, using off-the-shelf software and freeware downloads, and retrieval by lab-based methods, which are more sophisticated. He describes "data remanence" as a kind of digital shadow left over after data has inhabited a particular digital memory space, and the risks of that. A single overwrite of a hard drive may not be sufficient to erase data traces. If memory holds information for a long time, that information, or the memory's initial imprinting, may show a persistent tendency even after overwriting.

He suggests that making it prohibitively difficult (raising the "work factor") to restore that information would be important. He addresses degaussing. Then, he adds physical methods of destruction of memory devices, including "pulverizing, smelting, incineration, and shredding." Optical disks may be ruined by sanding the recording surface.

What used to be in the province of the techies has spilled over to that of instructional design.

What's Sensitive?

Instructional designers generally do not handle sensitive information like SSNs and credit card numbers. They don't often handle sensitive personnel records.

However, occasionally, there are sensitive documents. Any non-directory information of students is considered private and protected under FERPA, so those IDs that also teach may be handling sensitive information. IDs may handle sensitive grant documents. There may be masses of digital files that are from the professional collections of various subject matter experts - and those can be highly sensitive. It all depends on the nature of the project.

Categorizing Information by Sensitivity

An endeavor at my university codifies information in four main groupings: public, internal, confidential and proprietary (on loan from outside entities) - in an escalating scale requiring higher levels of protection and much more self-awareness by those who would handle this information.

Threats may be both external and internal to an organization. The point then seems to be to localize and minimize risks and to have ways to detect if breaches have occurred.

The presenter suggested that challenges come from ignorance of this issue, of applicable laws and regulations, and of where security gaps may exist. Inadvertent disclosures may occur. Pretexting (a kind of inadvertent disclosure) may result in the release of sensitive data, and with pieces put together, larger understandings may be arrived at that may compromise security overall instead of just piecemeal.

There may be thefts of data. Incaution may leave sensitive information widely accessible. Improper disposal of information may create crimes of opportunity. Deliberate attacks on computer systems may involve risks, and IT systems (both highly distributed and highly centralized) have their own gaps.

The push to back up digital materials in several locations may leave those charged with handling the information ill informed about just where all the copies may be - those visible and invisible. Catastrophic failures of systems may lead to information integrity compromises.

And the mobility of information - traveling on laptops, USB drives, mobile devices, smart phones, and the like - also makes it harder to create a protective layer around sensitive data.

The presenter observed that informational confidentiality, integrity and availability all have to be supported.

His Advice

He emphasized the importance of knowing what data one has to handle on a day-to-day basis and of knowing its value. It's critical to know the location of every copy of the file, including the semi-invisible backups that may be automatically made. An organization needs to know clearly who has responsibility for the various information and who has access to it. They also need to know the various and evolving threats to that data.

The campus' "Data Classification and Security Policy and Standards" will address a variety of factors: access controls, copy controls, network security, system security, physical security, remote access, information storage and transmission, backups, media sanitation, training, and audit schedules.

Helpful Tools

To help people realize what they may have on their desktops, the presenter introduced several tools available online that use pattern recognition and matching to find potential SSNs and credit card numbers.

Spider from Cornell http://www.cit.cornell.edu/security/tools/

Sensitive Number Finders (UT Austin) https://source.ifs.utexas.edu/groups/its-iso/projects/senf

The freeware downloadable Eraser on CNET (www.download.com) is a great tool for keeping unused spaces sanitized.

Future Capabilities

It seems wise to use everything possible to totally sanitize media. After all, there's the possibility of new, future or as-yet unknown technologies that may be able to go back and extract sensitive information in ways not conceptualized today. It seems that if people noodle around with something long enough, they may be able to solve something that may initially seem unsolvable.

It is always easier to over-prepare and have invested some effort towards extra security than to view a security lapse in retrospect after massive loss.
