Chapter 11: Security Operations - Media Controls

Media is defined as anything that contains company data. This could be electronic (disks, CDs, DVDs, thumb drives) or it could be information that is in traditional paper form. These items should be stored in a "library" and only authorized personnel should have access to them. The media should also be protected from environmental threats, such as fire or humidity. Data from these media devices should be erased properly, and unwanted devices should be disposed of in a protected manner to ensure that unauthorized people do not obtain them. When media is erased from a device, the device is said to be sanitized. The zeroization method of sanitation is when data is overwritten with new data, and there is no possible way that the old data can be recovered. Degauassing is another method of sanitization, in which the data is scrambled so that is cannot be read. There are 7 area that a media librarian is responsible for. Media should be marked. Media should be properly logged. The integrity of the media on a device should be verified. Librarians should control physical access to the media. Librarians should ensure environmental protection of the media. They should make sure that media data is transmitted securely and to the appropriate parties. Lastly, librarians should make sure that media is disposed of properly.