Ownership
Business or mission owners
Business Owners and Mission Owners (senior management) create the information security program and ensure that it is properly staffed, funded and has organizational priority. They are responsible for ensuring that all organizational assets are protected.
Data Owners
The data owner (also called information owner) is a management employee responsible for ensuring that specific data is protected. Data owners determine data sensitivity labels and the frequency of data backup. They focus on the data itself, whether in electronic or paper form. The data owner performs management duties; custodians perform hands-on protection of data.
System Owner
The system owner is a manager responsible for the computers that house data, including hardware and software configuration, updates, patching, etc.
Custodian
The custodian is a delegate who provides hands-on protection of assets such as data. Custodians follow orders and do not make critical decisions. They perform backup and restore, updates, configuration of antivirus software, etc.
Users
Users must follow the rules: they must comply with mandatory policies, procedures, standards, etc. Users must be made aware of these requirements and must be told via information sessions about the penalty for failing to comply.
Data Controllers and Data Processors
- Data Controllers – create and manage sensitive data, e.g. HR employees (salary benefits, employee sanctions)
- Data Processors – manage data on behalf of data controllers, e.g. an outsourced payroll company managing payroll data on behalf of HR
Data Collection Limitation
OECD – Collection limitation principle:
There should be limits to the collection of personal data, and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
Memory and Remanence
Data Remanence
Data remanence is data that persists beyond noninvasive means to delete it. This could be magnetic data but also extends to various types of memory and storage.
Memory
RAM – Random Access Memory – Volatile – loses integrity after power loss. System RAM is installed in slots.
ROM – Read Only Memory – Non-Volatile – maintains integrity after power loss, e.g. BIOS, firmware. PROM (programmable read only memory) is written once; EPROM (erasable programmable read only memory) is erasable via ultraviolet light; EEPROM (electrically erasable programmable read only memory) may be flashed, or erased and written to, many times. PLD (programmable logic device) – EEPROM, EPROM – all field programmable.
Real or primary memory such as RAM is directly accessible by the CPU and is used to hold instructions and data for currently executing processes. Secondary memory, such as disk-based memory, is not directly accessible.
Cache memory is the fastest memory on the system and is required to keep up with the CPU as it fetches and executes instructions. The fastest portion of the CPU cache is the “register” file, which contains multiple registers. The next fastest is L1 cache (inside the CPU), then L2 cache (outside the CPU). SRAM (static random access memory) is used for cache memory due to its speed. It uses small latches called “flip-flops” to store bits. DRAM (dynamic random access memory) stores bits in small capacitors (like small batteries); it leaks charge and must be continually refreshed to maintain integrity. It is relatively inexpensive and is slower than SRAM.
Flash memory, such as USB thumb drives, is a type of EEPROM. Any byte of memory can be written, making it faster than EEPROM but slower than magnetic disks.
SSD (Solid State Drive) – a combination of flash memory (EEPROM) and DRAM. Blocks on SSDs are logical and mapped to physical blocks. SSDs do not overwrite blocks that contain data. Garbage collection later takes care of old blocks. The TRIM function enables garbage collection to run in the background. It improves performance but does not reliably destroy data.
A sector-by-sector overwrite behaves very differently on an SSD vs a magnetic drive and does not reliably destroy all data. Electronic shredding is not effective. Data on SSD drives can be securely removed using ATA secure erase or by physically destroying the drive.
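The logical-to-physical mapping described above, as an added example that is not part of the original notes: a toy model showing why a host overwrite leaves the old data on flash until garbage collection runs. The class `ToySSD`, the page size and the sample secret are constructed for illustration and do not model any real drive's firmware.

```python
# Toy model of an SSD's logical-to-physical block mapping (added example).
# Names, sizes and sample data are constructed; real firmware is far more complex.
PAGE = 16  # bytes per page in this model

class ToySSD:
    def __init__(self, physical_pages=8):
        self.flash = [None] * physical_pages   # physical pages (None = erased)
        self.map = {}                          # logical block -> physical page
        self.stale = set()                     # pages holding superseded data

    def write(self, lba, data):
        """A write never overwrites in place: use an erased page and remap."""
        free = next(i for i, p in enumerate(self.flash) if p is None)
        self.flash[free] = data.ljust(PAGE, b"\x00")[:PAGE]
        if lba in self.map:
            self.stale.add(self.map[lba])      # old copy stays on flash
        self.map[lba] = free

    def read(self, lba):
        return self.flash[self.map[lba]]

    def garbage_collect(self):
        """Erase stale pages; a real drive does this on its own schedule."""
        for i in self.stale:
            self.flash[i] = None
        self.stale.clear()

    def raw_contains(self, needle):
        """What a read of the physical pages (bypassing the map) would find."""
        return any(p is not None and needle in p for p in self.flash)

def overwrite_demo():
    ssd = ToySSD()
    ssd.write(0, b"SECRET-KEY-1234")           # constructed sample data
    ssd.write(0, b"\x00" * PAGE)               # host "overwrites" logical block 0
    logical_clean = ssd.read(0) == b"\x00" * PAGE
    before_gc = ssd.raw_contains(b"SECRET")    # old page still holds the data
    ssd.garbage_collect()
    after_gc = ssd.raw_contains(b"SECRET")
    return logical_clean, before_gc, after_gc

if __name__ == "__main__":
    print(overwrite_demo())
```

The host sees zeros at logical block 0 immediately, yet the secret remains in a physical page until the drive decides to erase it, which the host cannot force with ordinary writes.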
Data Destruction
All forms of media should be securely cleaned or destroyed before disposal to prevent object reuse.
Overwriting
Deleting a file removes the entry from the file allocation table (FAT). Formatting destroys the old FAT. In both cases, the data remains and can be recovered through the use of forensic tools. This issue is called data remanence. Overwriting, such as writing all 0s or random characters, is better than deleting or formatting. Electronic shredding or wiping overwrites the file's data before removing the FAT entry.
A single pass is sufficient to render the data unrecoverable.
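The difference between deleting, formatting and wiping, as an added example that is not part of the original notes: a toy FAT-style volume where a scan of the raw data area stands in for a forensic tool. The class `ToyVolume`, the file name and the sample records are constructed for illustration.

```python
# Toy FAT-style volume (added example; layout and sample data are constructed).
BLOCK = 32  # bytes per block in this model

class ToyVolume:
    def __init__(self, blocks=8):
        self.table = {}                         # file name -> list of block numbers
        self.data = [bytes(BLOCK)] * blocks     # raw data area, initially zeros
        self.free = list(range(blocks))

    def create(self, name, content):
        chunks = [content[i:i + BLOCK] for i in range(0, len(content), BLOCK)]
        used = [self.free.pop(0) for _ in chunks]
        for n, chunk in zip(used, chunks):
            self.data[n] = chunk.ljust(BLOCK, b"\x00")
        self.table[name] = used

    def delete(self, name):
        """Plain delete: drop the table entry, leave the blocks untouched."""
        self.free.extend(self.table.pop(name))

    def format(self):
        """Format: a new empty table; the data area is not touched."""
        self.table = {}
        self.free = list(range(len(self.data)))

    def wipe(self, name):
        """Electronic shredding: single-pass zero overwrite, then delete."""
        for n in self.table[name]:
            self.data[n] = bytes(BLOCK)
        self.delete(name)

    def carve(self, needle):
        """Scan the raw data area, ignoring the table, as a forensic tool would."""
        return needle in b"".join(self.data)

def recoverable_after(action):
    """Return True if the file's content can still be found after `action`."""
    vol = ToyVolume()
    vol.create("payroll.csv", b"name,salary\nalice,91000\nbob,87000\n" * 2)
    if action == "format":
        vol.format()
    else:
        getattr(vol, action)("payroll.csv")
    return vol.carve(b"alice,91000")

if __name__ == "__main__":
    for action in ("delete", "format", "wipe"):
        print(action, recoverable_after(action))
```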
Degaussing
Degaussing destroys the integrity of magnetic media such as tapes or disk drives by exposing them to a strong magnetic field.
Destruction
Destruction physically destroys the integrity of media by damaging or destroying the media itself. It is considered more secure than overwriting. Some media, such as SSD, WORM tapes and CD-R, can only be written once.
Shredding
Shredding refers to the process of making data printed on hard copy, or stored on smaller objects such as floppies and CD-Rs, unrecoverable. This can be done with paper shredders.
