What should my policy be regarding CD burners in the company? They are becoming cheaper and cheaper, and more project managers are requesting this purchase. I am concerned about information leakage and software piracy.
CDs and burner devices should be handled as any other electronic media devices. Some checkpoints include:
Logically and physically secure the CD and burner: Data should be logically secured to the highest degree commensurate with the sensitivity of the data. The burner units should be physically secured when not in use.
Information should be classified prior to burning: In order to properly protect information assets, all information should be classified. By classifying data, business units can determine the appropriate resources needed to protect information.
Information must have an owner: The information owner's responsibilities are to classify the information to assure it is properly handled.
CDs should be sanitized if no longer required: Electronic media should be degaussed (electronically sanitized) or otherwise rendered unrecoverable and verified by the use of special file recovery programs. Proof of this activity is mandatory.
Verification: After the media has been sanitized, the responsible technician should document the action with detailed information attached to the originator (owner) request.
Identification of sanitized media: Sanitized media should be individually identified, and a method appropriate to the media should be employed to prevent accidental re-use.
Sanitized prior to re-use: Any media containing sensitive information should be sanitized prior to re-use to ensure that any sensitive information resident is unretrievable.
Off site: Any magnetic media sent off site (other than backup) should be sanitized prior to leaving the facility.