CertiGuide to Security+  9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)       9  5.4  Policy and Procedures            9  5.4.1  Security Policy

5.4.1.7  SLAs (Service Level Agreements) 1 5.4.1.9  HR (Human Resources) Policy

The term used for finding discarded information is called dumpster diving. Silicon Valley dumpsters were famous for what surfaced in the trash. One of your authors, who shall remain nameless, recovered a CPU – hard drive data, still intact – one morning, after seeing an overflowing dumpster in a public parking lot along Stevens Creek Boulevard. More dangerous to organizations than the loss of equipment (which they’ve thrown out and presumably don’t want anyway) is the disclosure of confidential information that could occur if the wrong person gets hold of the discarded data. This is much more common the most of us could believe⁴³³.

For tape and floppies, use degausses on magnetic media to help get rid of data. Erasing individual files, and even formatting a drive, does not necessarily result in the destruction of data on the drive. Microsoft has a tool for removing hidden data in Word 2003/XP ⁴³⁴

Secure erasing is a procedure of writing random byte patterns to change the magnetic information to prevent “un-erasing” of data. It is possible to recover data unless this is done. The command FDISK destroys the index of file structures. Think of a library with a manual card file for locating books. Destroying the card file does not make the library go away, just more difficult to find things ⁴³⁵.

The only way to be really sure that a hard drive can no longer reveal data is to use a file -- the physical kind -- on the surface of the platters.

5.4.1.7  SLAs (Service Level Agreements) 1 5.4.1.9  HR (Human Resources) Policy