Securely Provisioning Resources
management extends beyond just backup tapes to any type of media that can hold data. It
also includes any type of hard-copy data.
When media includes sensitive information, it should be stored in a secure location with
strict access controls to prevent losses due to unauthorized access. Additionally, any
location used to store media should have temperature and humidity controls to prevent
losses due to corruption.
Media management can also include technical controls to restrict device access from
computer systems. As an example, many organizations use technical controls to block the
use of USB drives and/or detect and record when users attempt to use them. In some
situations, a written security policy prohibits the use of USB flash drives, and automated
detection methods detect and report any violations.
The primary risks from USB flash drives are malware infections and data
theft. A system infected with a virus can detect when a user inserts a USB
drive and infect the USB drive. When the user inserts this infected drive
into another system, the malware attempts to infect the second system.
Additionally, malicious users can easily copy and transfer large amounts of
data and conceal the drive in their pocket.
Properly managing media directly addresses confidentiality, integrity, and availability.
When media is marked, handled, and stored properly, it helps prevent unauthorized
disclosure (loss of confidentiality), unauthorized modification (loss of integrity), and
unauthorized destruction (loss of availability).
Controlling USB Flash Drives
Many organizations restrict the use of USB flash drives to only specific brands purchased
and provided by the organization. This allows the organization to protect data on the
drives and ensure that the drives are not being used to inadvertently transfer malicious
software (malware) between systems. Users still have the benefit of the USB flash drives,
but this practice reduces risk for the organization without hampering the user’s ability to
use USB drives.
For example, Kingston Digital sells IronKey flash drives that include multiple levels of
built-in protection. Several authentication mechanisms are available to ensure that only
authorized users can access data on the drive. It protects data with built-in AES 256-bit
hardware-based encryption. Active anti-malware software on the flash drive helps
prevent malware from infecting the drive.
Enterprise editions include additional management solutions allowing administrators to
manage the devices remotely. For example, they can reset passwords, activate auditing,
and update the devices from a central location.
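
The detect-and-record control described earlier, combined with the practice of allowing only organization-issued drives, can be sketched as a check over device logs. This is an added example, not part of the original text: it assumes Linux kernel log lines, and the allowlist IDs, the sample log and the name find_violations are constructed for illustration.

```python
import re

# Assumption: organization-issued drives, keyed by (idVendor, idProduct).
# These IDs are constructed placeholders, not real product identifiers.
APPROVED = {("1234", "abcd")}

NEW_DEV = re.compile(r"usb (?P<port>[\d.-]+): New USB device found, "
                     r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
STORAGE = re.compile(r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: "
                     r"USB Mass Storage device detected")
DISCONNECT = re.compile(r"usb (?P<port>[\d.-]+): USB disconnect")

# Constructed sample of Linux kernel log lines (not captured from a real host).
SAMPLE_LOG = """\
[  101.10] usb 1-2: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00
[  101.35] usb-storage 1-2:1.0: USB Mass Storage device detected
[  250.02] usb 1-2: USB disconnect, device number 4
[  300.77] usb 1-3: New USB device found, idVendor=feed, idProduct=0001, bcdDevice= 1.00
[  412.40] usb 1-2: New USB device found, idVendor=dead, idProduct=beef, bcdDevice= 2.00
[  412.66] usb-storage 1-2:1.0: USB Mass Storage device detected
""".splitlines()


def find_violations(lines, approved=APPROVED):
    """Return (port, vid, pid) for each mass-storage attach not on the allowlist."""
    on_port = {}      # port -> (vid, pid) of the device currently enumerated there
    violations = []
    for line in lines:
        if m := NEW_DEV.search(line):
            on_port[m["port"]] = (m["vid"], m["pid"])
        elif m := DISCONNECT.search(line):
            on_port.pop(m["port"], None)   # port is free; forget the old IDs
        elif m := STORAGE.search(line):
            # Only storage attaches matter: the non-storage device on 1-3 is ignored.
            # If the enumeration line was lost (log rotation), report unknown IDs
            # instead of silently passing the device.
            ids = on_port.get(m["port"], ("unknown", "unknown"))
            if ids not in approved:
                violations.append((m["port"], *ids))
    return violations


if __name__ == "__main__":
    for port, vid, pid in find_violations(SAMPLE_LOG):
        print(f"unapproved USB storage on port {port}: {vid}:{pid}")
```

Vendor and product IDs are reported by the device itself, so a check like this supports the written policy and audit trail rather than proving a drive is genuine.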