A global financial institution is decommissioning an old data center containing legacy systems with sensitive customer financial data. The CISO has asked you to develop a secure disposal plan for these systems. Which approach would BEST ensure the institution meets its security and compliance obligations?
Transfer necessary data to new systems and securely destroy hardware components with physical destruction methods
Outsource the disposal to a reputable third-party vendor that meets security and compliance standards
Perform system backups as required then format storage devices
Conduct a data classification review, then apply appropriate sanitization methods based on data sensitivity and storage media
The correct answer is to conduct a data classification review, then apply appropriate sanitization methods based on data sensitivity. This approach follows security best practices for system retirement by first understanding what types of data exist on the systems (through classification), and then applying the appropriate data destruction techniques based on that classification. Different types of data require different levels of sanitization - some may require complete physical destruction while others might only need secure wiping. This methodical approach ensures compliance with regulations while protecting sensitive information.
The other options are incorrect because:
Simply transferring data to new systems before physical destruction doesn't address proper data sanitization and may leave sensitive information vulnerable during transfer.
Performing backups without classification doesn't address how to properly destroy the data according to its sensitivity level.
Outsourcing to a vendor without specific security requirements puts the organization at risk of improper disposal practices that could lead to data breaches.
ISC2 CISSP
Security Architecture and Engineering