S 2.44 Secure packaging of data media

Initiation responsibility: IT Security Officer

Implementation responsibility: User, Mail Centre

In addition to the implementation safeguards stated in safeguard S 2.3 Data media control, the packaging of the data media should be designed so that tampering with the data media can be detected by examining the packaging for changes.

Possible safeguards in this regard include:

• sealed envelopes,
• lead-sealed containers,
• envelopes sealed with an adhesive film and then marked randomly several times using permanent ink, or
• security chains to seal envelopes.

There are special security envelopes, sealing tapes, and security chains available to protect classified materials.

If the data medium is equipped with a write protection device (e.g. a sliding tab on diskettes, a file protection ring on tapes), then it should be used. Which of the following security mechanisms is best suited to the purpose should be examined based on the protection requirement of the data stored on the data media:

• The files should be stored on the data media as read-only files. The access protection capabilities available in many office programmes can be used for this purpose (see also S 4.30 Utilisation of the security functions offered in application programs).
• If you want to detect manipulations to the information on the data medium automatically, then encryption or checksum procedures should be implemented (see S 4.34 Using encryption, checksums, or digital signatures).
• To prevent unauthorised persons from reading the data, the entire data medium or every single file should be encrypted.

Review questions:

• Is secure packaging used for shipment of data media (i.e. any manipulation of this packaging will result in changes to the packaging)?