Forensics in Spanish
Storage Media Sanitization Apr 18 2006 04:56PM
Jeimy José Cano Martínez (jcano uniandes edu co)


Dear professionals,

I am forwarding an interesting NIST draft document on storage media
sanitization that offers clear guidelines on the subject. I hope you find it of
interest.

http://csrc.nist.gov/publications/drafts/DRAFT-sp800-88-Feb3_2006.pdf

Executive Summary
------------------------------------------------------------------------
Information systems capture, process, and store information using a wide variety
of media. This information is located not only on the intended storage media
but also on devices used to create, process, or transmit this information. This
media may require special disposition in order to mitigate the risk of
unauthorized disclosure of information and to ensure its
confidentiality. Efficient and effective management of information created,
processed, and stored by an information technology (IT) system throughout its
life (from inception through disposal) is a primary concern of an information
system owner.

With the more prevalent use of increasingly sophisticated encryption, an
attacker wishing to gain access to an organization's sensitive information is
forced to look outside the system itself for that information. One avenue of
attack is the recovery of supposedly deleted data from media. These residual
data may allow unauthorized individuals to reconstruct data and thereby gain
access to sensitive information. Sanitization can be used to thwart this attack
by ensuring that deleted data cannot be easily recovered.

When storage media are transferred, become obsolete, or are no longer usable or
required by an information system, it is important to ensure that residual
magnetic, optical, or electrical representation of data that has been deleted
is not easily recoverable. Sanitization refers to the general process of
removing data from storage media, such that there is reasonable assurance,
in proportion to the confidentiality of the data, that the data may not be
retrieved and reconstructed.

This guide will assist organizations and system owners in making practical
sanitization decisions based on the level of confidentiality of their
information. It does not, and cannot, specifically address all known types of
media; however, the described sanitization decision process can be applied
universally.

------------------------------------------------------------------------

Jeimy J. Cano, Ph.D, CFE
Universidad de los Andes
Bogota, D.C
COLOMBIA

Editor of "Critical Reflections on Information Systems. A systemic approach"
http://www.idea-group.com/books/details.asp?id=507

------------------------------------------------------------------------
This email is intended only for the addressee(s) and contains information which
may be confidential or legally privileged. If you are not the intended recipient,
please do not save, forward, disclose or copy the content of this email. Please
delete it completely from your system and notify the originator. Finally, all
ideas expressed in this communication are personal comments and do NOT represent
the official position of his employer.
------------------------------------------------------------------------
