IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.32 Physical deletion of data media before and
after usage
Initiation responsibility: IT Security Management
Implementation responsibility: IT Procedures Officer
In addition to the instructions on deletion and destruction of data carriers
mentioned in measure S 2.167 Secure deletion of data media, the following
items must be observed for the exchange of data media:
Magnetic data media intended for exchange should be physically erased
before being written with the information to be transmitted. This is to prevent
the transmission of residual data which the recipient has no authority to
receive.
Physical erasure sufficient for medium-level protection can be achieved by
overwriting the entire data medium or at least the used sectors with a certain
pattern. Another alternative is to format the data medium, if this cannot be
undone again (e.g. DOS version 5.0: format/u). Certain commercially
available products even allow the physical erasure of individual files.
As a rule, transmitted data also requires protection by the recipient. Once the
data has been received, the data medium should again be physically erased.
Optical data media (in this case: WORM) should not be used for data
exchange if they bear other information which is not meant for the recipient
and cannot be erased.
Additional controls:
- Are the persons responsible for the exchange of data media familiar with
the process of physical erasure?
- Do these employees have access to suitable programs for physical erasure?
- Are the recipients of confidential information notified about its data
protection requirements?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000