Читать книгу The Official (ISC)2 SSCP CBK Reference - Mike Wills - Страница 80

Handling sensitive or classified information involves everything necessary to meet its protection requirements; handling storage media refers to all processes, be they human, electronic, or mechanical, which are involved in mounting, dismounting, storing, shipping, using, reusing, and ultimately destroying the media. This protection requires a combination of marking the media and establishing and using administrative and logical processes that perform those tasks in controlled, reliable, and auditable ways. The marking achieves nothing without the procedures being understood and used properly!

Marking involves labeling in both human-readable and machine-readable manners so that it is immediately obvious what the highest security classification level of data on that media can be and should be. Humans are known to put “for unclassified use only” disks into drives and then write secret, proprietary, or private data to them, either deliberately as part of an exfiltration attempt or accidentally. The labeling should clearly link to the proper handling procedures for that level of security classification. Done properly, your device-level identity management and access control systems can then use this marking to authenticate the media when it is first mounted and then authorize each attempt to read or write data or metadata to it.

It's strongly recommended that your IT or security teams be the ones who purchase, label, initialize, and inventory storage media used for sensitive, proprietary or other data security classifications your company uses. When teamed with user-facing policy directives, this can significantly reduce the compromise of classified information due to a user forgetting to properly label a piece of media.