CISA Certified Information Systems Auditor – Question 1662

When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor?

A. Hard disks are overwritten several times at the sector level, but are not reformatted before leaving the organization.
B. All files and folders on hard disks are separately deleted, and the hard disks are formatted before leaving the organization.
C. Hard disks are rendered unreadable by hole-punching through the platters at specific positions before leaving the organization.
D. The transport of hard disks is escorted by internal security staff to a nearby metal recycling company, where the hard disks are registered and then shredded.

Correct Answer: B

Explanation:
Deleting files and formatting a disk do not erase the data; they only mark the sectors that held the files as free, and the file contents remain on the platters until they happen to be overwritten. Tools freely available over the Internet can reconstruct most of such a hard disk's contents. Overwriting the hard disk at the sector level, by contrast, destroys the data itself together with the directories, indices and master file tables, so reformatting afterwards adds nothing: all contents are already gone. Overwriting several times additionally defeats forensic techniques that attempt to reconstruct the former contents of newly overwritten sectors by analyzing residual magnetic features of the platter surface. Hole-punching does not delete the file contents, but it renders the hard disk unusable, especially when the head parking zones and the track zero information are hit.
Reconstructing data from such a disk would be extremely expensive, since all analysis must be performed in a clean room, and it is only possible within a short time frame, before the exposed surface corrodes. Data reconstruction from shredded hard disks is virtually impossible, especially when the scrap is mixed with other metal parts. Provided the transport is secured and the destruction is proven, as described in the option, shredding is a valid method of disposal.