Which choice below is NOT an example of a media control?
A.
Printing to a printer in a secured room
B.
Conducting background checks on individuals
C.
Sanitizing the media before disposition
D.
Physically protecting copies of backup media
Explanation:
The answer is a personnel control. Most support and operations staff have special access to the
system. Some organizations conduct background checks on individuals filling these positions to
screen out possibly untrustworthy individuals. *Answer “Sanitizing the media before disposition”:
The process of removing information from media before disposition is called sanitization. Three
techniques are commonly used for media sanitization: overwriting, degaussing, and destruction.
*Answer “Printing to a printer in a secured room”: It may be necessary to actually output data to the
media in a secure location, such as printing to a printer in a locked room instead of to a generalpurpose printer in a common area. *Answer “Physically protecting copies of backup media”: Physical
protection of copies of backup media stored offsite should be accorded a level of protection
equivalent to media containing the same information stored onsite. Source: National Institute of
Standards and Technology, An Introduction to Computer Security: The NIST Handbook Special
Publication 800-12.