Page 32 - Cyber Warnings
but most include software overwriting of affected data sectors.
Correcting the data spill can be a minor task or a massive undertaking depending on the
sensitivity of the data, the level of clearance of the systems and the personnel involved, and the
kind of contaminated storage media.
Wiping files or entire hard drives involved in a data spill
In the event of a data spill, all involved endpoints should be wiped. The wiping process can
target selected files or entire disks. Either way, the software used during the cleanup phase
should meet the following requirements:
- At least three overwrite cycles are required for a wipe to count as complete (different organizations may require different specifications).
- The first cycle writes a pattern, the second follows with the complement pattern, and the third and final cycle writes a different, unclassified pattern.
- Random data reading for overwrite verification should be included in the software, although a separate utility can be used for verification.
- Printed results of the wipe, including disk integrity reporting, need to be included in the wipe software. Bad sectors or blocks on a disk require that the disk be destroyed or degaussed.
- Whole disk wipes must be complete, including partition tables, user data, operating systems, and any boot records.
- They must also wipe Device Configuration Overlay (DCO) sectors if the disks are ATA-6.
- A whole disk wipe must also be able to clear a Host Protected Area (HPA).
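The three-cycle overwrite with random read-back verification described above, sketched for a single file. This is an added example, not code from the article or from any wiping product. It assumes the byte patterns 0x55 and 0xA5 (the requirements fix only the order of pattern, complement, different pattern) and a file system that overwrites in place, and it does not reach partition tables, HPA or DCO areas.

```python
import os, random, tempfile

# Assumed patterns: the page fixes only the pattern/complement/different-pattern order.
FIRST, FINAL = 0x55, 0xA5
PASSES = [FIRST, FIRST ^ 0xFF, FINAL]   # 0x55, 0xAA, 0xA5

def overwrite_pass(path, byte, chunk=1 << 20):
    """Overwrite the file in place with one byte value and force it to disk."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        left = size
        while left:
            n = min(chunk, left)
            f.write(bytes([byte]) * n)
            left -= n
        f.flush()
        os.fsync(f.fileno())
    return size

def verify_sample(path, byte, samples=64, span=512, rng=random):
    """Read random spans back; return the offsets that do not hold `byte`."""
    size = os.path.getsize(path)
    bad = []
    with open(path, "rb") as f:
        for _ in range(samples):
            off = rng.randrange(max(1, size - span + 1))
            f.seek(off)
            data = f.read(span)
            if data != bytes([byte]) * len(data):
                bad.append(off)
    return bad

def wipe_file(path, samples=64):
    """Run the three cycles; stop at the first pass that fails verification."""
    report = []
    for number, byte in enumerate(PASSES, 1):
        size = overwrite_pass(path, byte)
        bad = verify_sample(path, byte, samples)
        report.append({"pass": number, "pattern": f"0x{byte:02X}",
                       "bytes": size, "mismatches": bad})
        if bad:   # per the list above, such media is destroyed or degaussed
            break
    return report

if __name__ == "__main__":
    # Constructed sample file standing in for spilled data.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"CONSTRUCTED SAMPLE - spilled content\n" * 4096)
    for line in wipe_file(tmp.name):
        print(line)
    os.remove(tmp.name)
```

The per-pass report is the record that the printed-results requirement asks for; a non-empty mismatch list stops the run so the media can be handled as failed.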
32 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide