S 2.474 Secure withdrawal from operation of PBX components
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
Confidential information is stored to some components of PBX systems during operations, including personal data such as telephone books, contact details, and call detail records, for example.
For WLAN components, this particularly includes the authentication information for WLAN access (see also S 2.390 Taking WLAN components out of operation). A wide range of sensitive information may be stored to VoIP components depending on the operational purpose. For example, this includes IP addresses and further information allowing conclusions about the network structure to be drawn, as well as organisation-wide telephone directories of all employees (S 2.377 Secure withdrawal from operation of VoIP components).
Data stored locally on the different components that is still required must either be backed up or archived externally (e.g. on magnetic tapes, CD-ROMs, or DVD-ROMs) or transferred to a backup system. Additional information on this subject can be found in modules S 1.4 Data backup policy and S 1.12 Archiving.
If components are to be withdrawn from operation or replaced, it must be ensured that data media such as hard disks which personal data is stored to are disposed of in a secure manner. This applies particularly if the components are disposed of and given to third parties (sold, for example). Even if a device is transferred to the manufacturer or a service company within the framework of warranty replacement activities or repair work, the confidential data must be made illegible in advance.
For this, the data media should either be destroyed physically or the data on the data medium should be deleted in such a way that any reconstruction is impossible (see also module S 1.15 Deleting and destroying data).
Additionally, such components often have labels containing names on shortcut keys, IP addresses, telephone numbers, or other technical information. These labels should also be removed before disposal.
Additionally, it must be ensured that the authorisations of the components to be disposed of are revoked in order to prevent unauthorised use.
The security policy should also make the readers aware of the secure disposal of the components of the telecommunication system.
Review questions:
- Is the data on the corresponding components of the PBX system deleted securely before disposal?
- Has the secure disposal of components of the PBX system been taken into consideration in the corresponding security policy?