Ensuring Appropriate Retention
One of the important aspects of cyber security is Ensure Appropriate Retention. In this part of this tutorial, we’ll take a look at ensuring appropriate retention to help you understand the different aspects of appropriate retention. An asset in the form of data may store in digital media and hard.
Data in Media
Storage media such as hard disks, backup tapes, CDs, and diskettes, need additional security measures to ensure the security of the data they hold. Controls should ensure the prevention of data disclosure and modification by an unauthorized person.
Consider the following controls for media security:
- Storage controls are the primary means to protect the data in storage media, such as hard disks, magnetic tapes, CDs, and so on. This consideration should be secured by Encrypted keys.
- Maintenance is a regular process to ensure that the data in the storage media is not corrupted or damaged.
- Usage instructions should be provided properly.
- Media usage should comply with the established policies and procedures.
- Data destruction is done by way of formatting the media. Formatting may not completely delete all the data. To completely remove the data, it is recommended formatting the media seven times for complete data destruction.
Data in Hardware
The following controls need to be considered for protection from being stolen:
- Cable locks are used to physically secure PCs and laptop computers. These locks prevent the computer or laptop being detached and stolen.
- Port protection is to ensure the media sharing devices, such as CD-ROM, floppy drive, USB, Wi-Fi ports, printers, and scanners are not accessible by unauthorized personnel.
- The purpose of port protection is to prevent the downloading and sharing of confidential information by unauthorized users to a portable medium.
- Switches are used to prevent a malicious user to power on/off the systems.
- Encryption makes the folders and files secured.