Chapter 5 ■ Protecting Security of Assets
documents within a folder that includes a label or cover page clearly indicating the
classification. Headers aren’t limited to files. Backup tapes often include header information, and
the classification can be included in this header.
Another benefit of headers, footers, and watermarks is that DLP systems can identify
documents that include sensitive information, and apply the appropriate security controls.
Some DLP systems will also add metadata tags to the document when they detect that the
document is classified. These tags provide insight into the document’s contents and help
the DLP system handle it appropriately.
Similarly, some organizations mandate specific desktop backgrounds on their computers.
For example, a system used to process proprietary data might have a black desktop
background with the word Proprietary in white and a wide orange border. The background
could also include statements such as “This computer processes proprietary data” and
statements reminding users of their responsibilities to protect the data.
In many secure environments, personnel also use labels for unclassified media and
equipment. This prevents an error of omission where sensitive information isn’t marked.
For example, if a backup tape holding sensitive data isn’t marked, a user might assume
it only holds unclassified data. However, if the organization marks unclassified data too,
unlabeled media would be easily noticeable, and the user would view an unmarked tape
with suspicion.
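The following added example (not from the book) sketches how a DLP-style check could read header and footer markings, attach metadata tags, and treat an unmarked document as an anomaly when unclassified data is marked too. The marking scheme, the `tag_document` function, the action names, and the sample documents are all assumptions made for illustration.

```python
import re

# Assumed marking scheme for this example, ordered least to most sensitive.
LEVELS = ["UNCLASSIFIED", "PROPRIETARY", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
# A banner is a line holding only a marking, optionally wrapped in decoration
# such as "*** SECRET ***". Body text that merely mentions a word is ignored.
BANNER = re.compile(
    r"^\W*(" + "|".join(sorted(LEVELS, key=len, reverse=True)) + r")\W*$"
)

def banners(lines):
    """Return the markings found on banner lines within the given lines."""
    return [m.group(1) for line in lines if (m := BANNER.match(line.strip()))]

def tag_document(text, window=2):
    """Build metadata tags from the header and footer of a text document."""
    lines = [line for line in text.splitlines() if line.strip()]
    head, foot = banners(lines[:window]), banners(lines[-window:])
    found = head + foot
    if not found:
        # No marking at all: with unclassified data marked too, this is an anomaly.
        return {"classification": None, "action": "hold-for-review"}
    level = max(found, key=LEVELS.index)  # the highest marking governs handling
    return {
        "classification": level,
        # False when header and footer disagree or one of them is missing.
        "consistent": len(set(found)) == 1 and bool(head) and bool(foot),
        "action": "allow" if level == "UNCLASSIFIED" else "restrict",
    }

# Constructed sample documents, not real data.
SAMPLES = {
    "plan.txt": "*** PROPRIETARY ***\nQ3 roadmap\nThis is not a secret plan.\n*** PROPRIETARY ***\n",
    "menu.txt": "UNCLASSIFIED\nCafeteria menu\nUNCLASSIFIED\n",
    "notes.txt": "Backup rotation notes\nTape 14 goes offsite\n",
    "mixed.txt": "CONFIDENTIAL\nSalary bands\nTOP SECRET\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, tag_document(body))
```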
Organizations often identify procedures to downgrade media. For example, if a backup
tape includes confidential information, an administrator might want to downgrade the tape
to unclassified. The organization would identify trusted procedures that will purge the
tape of all usable data. After administrators purge the tape, they can then downgrade it
and replace the labels.
However, many organizations prohibit downgrading media at all. For example, a data
policy might prohibit downgrading a backup tape that contains top secret data. Instead, the
policy might mandate destroying this tape when it reaches the end of its lifecycle. Similarly,
it is rare to downgrade a system. In other words, if a system has been processing top secret
data, it would be rare to downgrade it and relabel it as an unclassified system. In any event,
approved procedures would need to be created to assure a proper downgrading.
If media or a computing system needs to be downgraded to a less
sensitive classification, it must be sanitized using appropriate procedures
as described in the section “Destroying Sensitive Data” later in this
chapter. However, it’s often safer and easier just to purchase new media or
equipment rather than follow through with the sanitization steps for reuse.
Many organizations adopt a policy that prohibits downgrading any media
or systems.