Entry | Infosec Standard 5 |
Definition |
HMG Infosec Standard 5, or IS5, is a data destruction standard used by the British government.

Context

IS5 is part of a larger family of IT security standards published by CESG; it is referred to by the more general Infosec Standard No.1.[1] IS5 is similar to DOD 5220.22-M (used in the USA).[2]

Requirements

IS5 sets a wide range of requirements—not just the technical detail of overwriting data, but also the policies and processes that organisations should have in place, to ensure that media are disposed of securely. IS5 also touches on risk management accreditation, because secure reuse and disposal of media is an important control for organisations handling high-impact data. It's not sufficient just to sanitise media; the sanitisation should also be auditable, and records must be kept.[3]

IS5 defines two different levels of overwriting:[4]

Regardless of which level is used, verification is needed to ensure that overwriting was successful.

Apart from overwriting, other methods could be used, such as degaussing, or physical destruction of the media. With some inexpensive media, destruction and replacement may be cheaper than sanitisation followed by reuse. ATA Secure Erase is not approved.

Different methods apply to different media, ranging from paper to CDs to mobile phones.

The choice of method affects reusability. Four different outcomes are considered:

Stricter requirements apply to data with a stronger protective marking or IL. In some cases, media at or above IL4 / CONFIDENTIAL may have to be handled at a secure site, such as a List X site.

References

1. HMG Infosec Standard No. 1
2. "Computer Hard Disk Data Destruction". http://www.it-green.co.uk/hard_disk_data_destruction.html. Accessed 4 June 2013.
3. HMG IA Standard No. 5: Secure Sanitisation. Issue 4.0, April 2011
4. "Software Data Destruction Services". http://www.datarecoveryservices.uk.com/software_destruction.htm. Accessed 4 June 2013.
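
The overwrite, verification and record-keeping steps described under Requirements can be sketched as follows. This is an added example, not text from IS5 or from this entry; the single zero-fill pass, the record fields and all function names are assumptions chosen for illustration and do not represent either of the IS5 overwriting levels, and an ordinary file stands in for the media.

```python
import json, os, tempfile
from datetime import datetime, timezone

BLOCK = 64 * 1024  # read/write chunk size

def overwrite(path, fill=0x00):
    """Overwrite every byte of the target in place with `fill` and flush to storage."""
    remaining = size = os.path.getsize(path)
    with open(path, "r+b") as f:
        while remaining:
            n = min(BLOCK, remaining)
            f.write(bytes([fill]) * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())
    return size

def verify(path, fill=0x00):
    """Read the whole target back; return the offset of the first wrong byte, or None."""
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(BLOCK):
            if chunk != bytes([fill]) * len(chunk):
                return offset + next(i for i, b in enumerate(chunk) if b != fill)
            offset += len(chunk)
    return None

def sanitise(path, operator, fill=0x00):
    """Overwrite, verify, and return the record to keep for audit (assumed fields)."""
    size = overwrite(path, fill)
    mismatch = verify(path, fill)
    return {"target": path, "bytes": size, "fill": f"{fill:#04x}",
            "verified": mismatch is None, "first_mismatch_offset": mismatch,
            "operator": operator,
            "completed_utc": datetime.now(timezone.utc).isoformat()}

def demo():
    """Sanitise a constructed sample file, then show verification catching a missed byte."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"constructed sample data " * 10000)  # 240000 bytes
        path = f.name
    try:
        record = sanitise(path, operator="example-operator")
        with open(path, "r+b") as f:  # simulate a region the overwrite missed
            f.seek(70000)
            f.write(b"\xff")
        return record, verify(path)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    record, missed = demo()
    print(json.dumps(record, indent=2), "\nmissed byte at offset", missed)
```

Overwriting a file through a filesystem does not guarantee that every underlying block of the medium is rewritten, so the read-back check here only confirms what is visible through the same path that was written.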