Manual Transaction. A user-initiated operation (also referred to as a “user-initiated transaction‟). This is the opposite of a system-generated automated process. Example: A user enters a client’s information including the client’s SSN and presses the “ENTER‟ key to acknowledge that input of data is complete. A new screen appears with multiple options, which include “VERIFY SSN‟ and “CONTINUE‟. The user has the option to verify the client’s SSN or perform alternative actions. Media Sanitization:
Manual Transaction. A user-initiated operation (also referred to as a “user-initiated transaction‟). This is the opposite of a system-generated automated process. Example: A user enters a client’s information including the client’s SSN and presses the “ENTER‟ key to acknowledge that input of data is complete. A new screen appears with multiple options, which include “VERIFY SSN‟ and “CONTINUE‟. The user has the option to verify the client’s SSN or perform alternative actions. Media Sanitization: • Disposal: Refers to the discarding (e.g., recycling) of media that contains no sensitive or confidential data.
Manual Transaction. A user-initiated operation (also referred to as a “user-initiated transaction‟). This is the opposite of a system-generated automated process. Example: A user enters a client’s information including the client’s SSN and presses the “ENTER‟ key to acknowledge that input of data is complete. A new screen appears with multiple options, which include “VERIFY SSN‟ and “CONTINUE‟. The user has the option to verify the client’s SSN or perform alternative actions. Media Sanitization: Disposal: Refers to the discarding (e.g., recycling) of media that contains no sensitive or confidential data. Clearing: This type of media sanitization is adequate for protecting information from a robust keyboard attack. Clearing must prevent retrieval of information by data, disk, or file recovery utilities. Clearing must be resistant to keystroke recovery attempts executed from standard input devices and from data scavenging tools. For example, overwriting is an acceptable method for clearing media. Deleting items, however, is not sufficient for clearing. This process may include overwriting all addressable locations of the data, as well as its logical storage location (e.g., its file allocation table). The aim of the overwriting process is to replace or obfuscate existing information with random data. Most rewriteable media may be cleared by a single overwrite. This method of sanitization is not possible on un-writeable or damaged media. Purging: This type of media sanitization is a process that protects information from a laboratory attack. The terms clearing and purging are sometimes synonymous. However, for some media, clearing is not sufficient for purging (i.e., protecting data from a laboratory attack). Although most re-writeable media requires a single overwrite, purging may require multiple rewrites using different characters for each write cycle. This is because a laboratory attack involves threats with the capability to employ non-standard assets (e.g., specialized hardware) to attempt data recovery on media outside of that media’s normal operating environment. Degaussing is also an example of an acceptable method for purging magnetic media. The EIEP should destroy media if purging is not a viable method for sanitization. Destruction: Physical destruction of media is the most effective form of sanitization. Methods of destruction include burning, pulverizing, and shredding. Any residual medium should be able to withstand a laboratory attack. Permission module: A...
