S 5.2 Exchange of data media
Description
This module considers the exchange of digital and analogue data media to transmit information between different communication partners and IT systems. Even when there is a broadband network connection it can also be reasonable or necessary for various reasons to send data media for the electronic exchange of data. One reason may be that no network exists between the corresponding IT systems or the network available is not trustworthy enough. Data media can be exchanged in person, by mail, or by shipping them. Commonly used data media include diskettes, removable disks (magnetic, magneto-optical), CD-ROMs, DVDs, magnetic tapes, cartridges, and even flash storage devices such as USB sticks and USB hard drives. It should not be forgotten that paper documents are also data media and that the same security requirements apply to paper documents, depending on the protection requirement of the corresponding information.
This module also handles the storage of the data in the sending and receiving systems when this directly relates to the exchange of data media and describes how to handle the data media before and after transferral.
Threat scenario
The following typical threats to the IT-Grundschutz are assumed to exist in the context of exchanging data media:
Force Majeure
| T 1.7 | Inadmissible temperature and humidity |
| T 1.8 | Dust, soiling |
| T 1.9 | Loss of data due to intensive magnetic fields |
Organisational Shortcomings
| T 2.3 | Lack of, inadequate, incompatible resources |
| T 2.10 | Data media are not available when required |
| T 2.17 | Inadequate labelling of data media |
| T 2.18 | Uncontrolled delivery of data media |
| T 2.19 | Inadequate key management for encryption |
Human Error
| T 3.1 | Loss of data confidentiality or integrity as a result of user error |
| T 3.3 | Non-compliance with IT security measures |
| T 3.12 | Loss of data media during transfer |
| T 3.13 | Passing on false or internal information |
Technical Failure
| T 4.7 | Defective data media |
Deliberate Acts
| T 5.1 | Manipulation or destruction of equipment or accessories |
| T 5.2 | Manipulation of information or software |
| T 5.4 | Theft |
| T 5.9 | Unauthorised use of IT systems |
| T 5.23 | Malicious software |
| T 5.29 | Unauthorised copying of data media |
| T 5.43 | Macro viruses |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
A series of safeguards must be implemented to ensure the secure exchange of data media, starting in the planning and design phase, through the daily operation phase, and up to the contingency planning phase. The steps to be followed in this case as well as the safeguards to implement in each phase are listed in the following.
Planning and design
The group of communication partners with which data media may be exchanged must be clarified and bindingly specified before data media are exchanged, and the types of data media to be used to exchange information with external entities must be determined and recorded accordingly in the data media management system. Furthermore, protection of the data media at the institution itself, during transport and at the recipient's site should be defined.
Purchasing
The selection of suitable data media is to be coordinated with the communication partners. S 4.169 Use of appropriate archiving media can be useful when deciding on what types of data media are suitable for this purpose.
Implementation
To keep the damage caused by improper handling of data media during transport as low as possible, a suitable shipment mode should be specified, which may vary depending on the data medium used (e.g. paper, CD-ROM, magnetic tape).
Operation
When exchanging data media, a series of safeguards must be followed to prevent possible damage and to minimise the effect of any damage that occurs. This includes safeguards such as securely storing and packaging the data media as well as applying a unique label to each data medium to reduce the risk of confusing them. General security precautions for digital data media include examining the media for computer viruses before shipping or transfer in person, but also examining all media received.
Disposal
If magnetic data media are exchanged with varying communication partners, the data on these media should be physically deleted before reusing the media to prevent residual information from being transferred to the wrong recipient.
Contingency Planning
Since it is not impossible for data media to become lost during transport, at least one local copy of the data transferred should be kept until correct receipt of the data media has been confirmed. Depending on the manner of exchange and the reason for exchanging the data media, it may be necessary to save the data even longer for use as evidence in case a conflict arises later.
The bundle of security safeguards to be used when exchanging data media are presented in the following.
Planning and design
| S 2.3 | (B) | Data media control |
| S 2.42 | (A) | Determination of potential communications partners |
| S 2.45 | (A) | Controlling the exchange of data media |
| S 2.393 | (A) | Regulations concerning information exchange |
| S 4.34 | (Z) | Using encryption, checksums, or digital signatures |
Implementation
| S 2.46 | (A) | Appropriate key management |
| S 4.32 | (B) | Physical deletion of data media before and after usage |
| S 4.64 | (C) | Verification of data before transmission / elimination of residual information |
| S 5.22 | (B) | Compatibility check of the transmission and reception systems |
| S 5.23 | (A) | Selecting suitable types of dispatch for data media |
Operation
| S 1.36 | (A) | Safekeeping of data media before and after dispatch |
| S 2.43 | (A) | Adequate labelling of data media for dispatch |
| S 2.44 | (A) | Secure packaging of data media |
| S 3.14 | (B) | Briefing personnel on correct procedures of exchanging data media |
| S 4.33 | (A) | Use of a virus scanning program on exchange of data media and during data transfer |
| S 4.35 | (Z) | Pre-dispatch verification of the data to be transferred |
Contingency Planning
| S 6.38 | (A) | Backup copies of transferred data |