Security+: Carrying Out Data Security and Privacy Practices In Response to Specific Scenarios


Any organization worth its information security salt will be carrying out data security and privacy practices. An organization’s data security and privacy practice habits are part of what separates a data-secure environment from an at-risk data environment. This article will detail what a successful candidate will need to know regarding carrying out data security and privacy practices in response to specific scenarios for the CompTIA Security+ certification exam.

Remember: this article should not serve as your main means of exam preparation, but rather as a brief review.

Data Destruction and Media Sanitization

In the course of business, organizations usually have to destroy media on a regular basis. Below are the different data destruction and media sanitization methods covered on the Security+ exam.


Burning or incineration is a good method for destroying data on paper. However, disposing of data on USB drives, DVDs, CDs, or other storage media via burning can give off toxic fumes, making it an environmental issue. This method should be used mainly for data on paper.


Shredding is preferable to burning in many cases. Equipment for shredding is inexpensive, portable and readily available.

Shredding works by reducing the size of objects to render them useless. These objects can be sheets of paper, CDs and DVDs. Cross-cut and micro-shredders are preferable to strip shredding, as they make the shredded pieces smaller and therefore even harder to use.


Pulping is a method that turns paper into a liquid slurry. This is only for data on paper and the disadvantages outweigh advantages, including having to haul the paper to a pulping facility and ensuring that the paper will be secure until pulping occurs.


Pulverizing means to feed documents into a pulverizer (normally hydraulic in nature) to reduce the documents into loose fibers. Few commercial disposal (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Chris Sienko. Read the original post at: