Chapter 5 - Protecting Security Of Assets Flashcards
Describe the best method to sanitize SSDs.
Solid state drives (SSDs) should be destroyed to sanitize them. Traditional methods used hard drives and are not reliable.
The two valid options for destroying data on SSD drives are ATA secure erase and destruction. Destruction is the best method for SSD drives that are physically damaged.
Identify the problem with sanitation method
Sanitizer ion can be unreliable because personnel can perform the purging, degaussing, or other processes improperly. When done properly, purged data is not recoverable using any known methods.
Most reliable way of destroying data on a solid state drive
Purging. It overwrites the media with random bits multiple times and includes additional steps to ensure data is removed.
In the context of the EU Data Protection law, what is data processor?
The EU Data Protection law defines a data processor as “a natural or legal person which processes personal data solely on behalf of the data controller.” In this context, the data controller is the person or entity that controls processing of data.
Record retention
Record retention involves retaining and maintaining important information as long as it is needed and destroying it when it is no longer needed.
Disclosure of residual data
Allowing objects to be used sequentially by multiple users without a refresh of the objects can lead to disclosure of residual data. It is important that steps be taken to eliminate the chance for the disclosure of residual data.
Object reuse refers to the allocation or reallocation of system resources to a user or, more appropriately, to an application or process. Applications and services on a computer system may create or use objects in memory and in storage to perform programmatic functions. In some cases, it is necessary to share these resources between various system applications. However, some objects may be employed by an application to perform privileged tasks on behalf of an authorized user or upstream application. If object usage is not controlled or the data in those objects is not erased after use, they may become available to unauthorized users or processes.
Disclosure of residual data and Unauthorized obtaining of a privileged execution state are both a problem with shared memory and resources. Not clearing the heap/stack can result in residual data and may also allow the user to step on somebody’s session if the security token/identify was maintained in that space. This is generally more malicious and intentional than accidental though. The MOST common issue would be Disclosure of residual data.
Differences between a System Owner and data owner.
System owner is a manager responsible for the actual computer that houses the data. This includes hardware and software configurations, include updates and patching. They ensure hardware is physically secure, operating system is patched up to date, system is hardened. Technical hands-on responsibilities are delegated to custodians.
The difference between a System Owner and a Data Owner is straightforward. The System Owner is responsible for securing the computer hardware and software. The Data Owner is responsible for protecting the data contained within the computer
