A global financial institution is decommissioning an old data center containing legacy systems with sensitive customer financial data. The CISO has asked you to develop a secure disposal plan for these systems. Which approach would BEST ensure the institution meets its security and compliance obligations?
Perform system backups as required then format storage devices
Transfer necessary data to new systems and securely destroy hardware components with physical destruction methods
Outsource the disposal to a reputable third-party vendor that meets security and compliance standards
Conduct a data classification review, then apply appropriate sanitization methods based on data sensitivity and storage media
The correct answer is to conduct a data classification review, then apply appropriate sanitization methods based on data sensitivity. This approach follows security best practices for system retirement by first understanding what types of data exist on the systems (through classification), and then applying the appropriate data destruction techniques based on that classification. Different types of data require different levels of sanitization - some may require complete physical destruction while others might only need secure wiping. This methodical approach ensures compliance with regulations while protecting sensitive information.
The other options are incorrect because:
Simply transferring data to new systems before physical destruction doesn't address proper data sanitization and may leave sensitive information vulnerable during transfer.
Performing backups without classification doesn't address how to properly destroy the data according to its sensitivity level.
Outsourcing to a vendor without specific security requirements puts the organization at risk of improper disposal practices that could lead to data breaches.
ISC2 CISSP
Security Architecture and Engineering