|
|
|
|
|
|
by bruntonspall
4523 days ago
|
|
|
This is a good summary of the area. In the UK we use the concept of a Business Impact Level, and information is assessed on it's confidentiality, integrity and availability.
Therefore you have to ask:
What happens if someone unauthorised can access it
What happens if someone can make an unauthorised modification
What happens if somebody can deny authorised people access. The UK government publishes the tables that it uses to assess business impact over at http://www.cesg.gov.uk/publications/Documents/business_impac... and you can read more about the wider information security concepts at https://www.gov.uk/service-manual/making-software/informatio... Unfortunately, IS5, the document that describes secure sanitisation of sensitive materials is not available to the public, so we don't know what guidelines the officials were working to here. You can assume that the least risky process for all parties is to be witness to the destruction of the physical media, giving both sides confidence that the materials were actually destroyed. |
|
|