IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.13 Correct disposal of resources requiring
protection
Initiation responsibility: Agency/company management; Head of IT
Section; IT Security Management
Implementation responsibility: Head of Site/Bldg Technical Service; staff
members
Resources (non-monetary resources) on which sensitive data are stored
(printing paper, floppy disks, streamer tapes, magnetic tapes, hard disks, but
also special toner cassettes, carbon paper or carbon ribbon) and which are no
longer needed or, on account of a defect, are to be discarded, must be disposed
of in such a way that no conclusions can be drawn as regards previously stored
data. In the case of functioning data media, the data should be physically
deleted. Non-functioning data media such as CD-ROMS should be destroyed
mechanically (see S 2.167 Secure deletion of data carriers).
The recommended disposal of material requiring protection should be detailed
in a specific directive; adequate disposal facilities are to be provided (see also
DIN 32757).
If sensitive resources are collected prior to their disposal, the collected
material must be kept under lock and be protected against unauthorised access.
If, within the given company/agency, safe and environmentally-sound disposal
cannot be ensured, the companies entrusted with this task must be put under
obligation to comply with the required IT security measures. A sample
contract is enclosed with this manual.
Additional controls:
- Are all types of material requiring protection covered by the
aforementioned provisions?
- Is the disposal procedure reliable?
- Are the specified disposal provisions complied with?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000