
NETS 1015: SECURITY MANAGEMENT

Lecture #1
COURSE SHELL REVIEW
Syllabus Review

What is information security management?

Information Security Management (ISM) establishes and manages the controls that an organization must put in place to ensure that the confidentiality, availability, and integrity of assets are protected from threats and vulnerabilities in a sensible manner.

Many organizations create a codified procedure for managing information security or InfoSec, which is referred to as the Information Security Management System (ISMS).

Operational principles: confidentiality, availability, integrity.
Retrieved from https://www.atatus.com/glossary/information-security-management/

Confidentiality

What is confidentiality?

The term "confidentiality" or "privacy" refers to the fact that certain protected information is only accessible to authorized people. The security team categorizes data based on perceived risk and evaluates the data's potential impact if it is compromised.
Retrieved from https://www.atatus.com/glossary/information-security-management/

Integrity

What is integrity?

Data integrity is managed by the ISMS, which implements rules to assure the accuracy and consistency of stored data throughout its lifecycle. User access controls and version controls all help to ensure data integrity.
Retrieved from https://www.atatus.com/glossary/information-security-management/

Availability

What is availability?

The ISM team takes the necessary precautions to guarantee that data is only available to authorized persons at all times. Proper hardware maintenance, patch installation and upgrading, disaster recovery protocols implementation, and incident response are among some of the precautions taken.
Retrieved from https://www.atatus.com/glossary/information-security-management/

What is an informational asset?

• Employee Data
• Intellectual Property/Patents
• Ongoing project documentation
• Products/Service Information
• Proprietary Knowledge/Trade Secrets
• Strategic Documentation
• Customer Information
Retrieved from https://www.atatus.com/glossary/information-security-management/

Why is ISM important?

• It eliminates or mitigates untimely danger that could cost your company time and money.
• It safeguards the firm from data breaches, but if one occurs, it provides you with procedures to efficiently mitigate the damage.
• It guards against the intentional or unintentional exploitation of data.
• When you have an ISMS in place, it builds trust in the market, which benefits the perceived and real value of the company.

Retrieved from https://www.atatus.com/glossary/information-security-management/


Sample Job Description - Head of Information Security

RESPONSIBILITIES

•Work with auditors to receive various security-related certifications/reports (e.g. SOC 2 Type II, ISO 27001, PCI-DSS)

•Analyze networks and systems to identify opportunities for improvement

•Process incoming vulnerability reports sent to security@canny.io

•Complete customer security questionnaires to unblock sales opportunities

•Implement and enforce best practices and security standards for the organization

•Routinely test and audit company software and networks

•Provide consultation to our product team regarding the security implications of new features

Retrieved from https://infosec-jobs.com/job/11107-head-of-information-security/


Sample Job Description - Senior Security Infrastructure Engineer

RESPONSIBILITIES

•Build standards, patterns, and tools that help engineers in other teams make effective and secure use of
infrastructure

•Partner with engineers and product teams across application development and data engineering teams to
strengthen security focused architectural approaches

•Consult with other engineering teams providing expertise on secure infrastructure design

•Perform security tasks including threat modeling, secure code review, training, static and dynamic
analysis, and automated and manual security testing

•Configure and manage our software defined networking capabilities including VPCs, firewalls, and
routing

•Be security-first when designing and evaluating solutions

•Help audit and harden our production monitoring and alerting systems

•Mentor less experienced members of the team through pair-programming and empathetic code review
Retrieved from https://infosec-jobs.com/job/11107-head-of-information-security/

Sample Job Description - Associate Security Analyst

RESPONSIBILITIES

•You will learn how to monitor and respond to notifications and alerts from security tools such as Lacework,
Tenable, Cylance, Google Workspace, etc.

•You will evaluate the security of third-party vendors and collaborate with them to develop corrective action plans

•You will analyze security incident data to identify and document root causes

•You will research security vulnerabilities and industry trends

•You will perform routine security activities such as access review audits

•You will assist in the maintenance of the company’s security governance documentation (policies, plans, and standards)

•You will manage the security awareness training program, including designing and conducting internal
phishing campaigns

•You will manage the Risk Register including working with appropriate stakeholders to address identified risks
Retrieved from https://infosec-jobs.com/job/11107-head-of-information-security/

NETS 1015: SECURITY MANAGEMENT

Lecture #2
An overview of the information security landscape in Canada

Canadian Cyber Security Legal Landscape

Cyber-dependent crimes are those which can only be committed using a computer, a computer network, or other technology.

Cyber-enabled crimes are crimes which can be committed without the use of technology, but which are increased in their scale or reach by the use of computers, computer networks, and other technology.

Computer-supported crimes are those in which the use of the computer or network is only incidental to the actual commission of the crime, but which may be legally relevant for evidentiary purposes.

National security offences (“cyberterrorism”) and civil violations involving computers, computer networks, and other technologies.

Retrieved from: https://datexdatastealth.com/blog/criminal-code-of-canada-article-4


Common specific cybercrime Offences

Hacking is a broad term that refers to someone exploiting a computer system or private network through a computer to gain access to digital files or systems without permission. Variations of offences which could relate to hacking involve themes of interception, fraud, and mischief with maximum sentences ranging from 5 to 14 years of imprisonment.

Possession of “Hacking Tools” which are designed or adapted primarily to commit either computer/network “hacking” (under s. 342.1) or computer/network “mischief” (under s. 430) and knowing that the device has been used or is intended to be used for those purposes is an offence. An offence of this nature can lead to a sentence of up to 2 years in prison.

Retrieved from: https://datexdatastealth.com/blog/criminal-code-of-canada-article-4


Common specific cybercrime Offences

Denial-of-Service (DoS) Attacks occur when a (likely nefarious) individual either temporarily or indefinitely disrupts services of a host connected to the internet, which makes the legitimate users unable to access information systems, devices, and other network resources. These types of attacks can result in a prison sentence of up to 10 years for mischief.

Distributed Denial of Service (DDoS) Attacks are similar to DoS attacks, but much larger. The difference between DoS and DDoS attacks is that whereas DoS typically involves one computer, a DDoS attack uses multiple computers and multiple internet connections to disrupt network traffic.

Retrieved from: https://datexdatastealth.com/blog/criminal-code-of-canada-article-4


Common specific cybercrime Offences

Malware, or “malicious software” is a general term (and portmanteau) that can refer to adware, ransomware, spyware, trojans, viruses, worms, and other types of harmful software. Like DoS and DDoS attacks, malware is considered to be a form of mischief and can result in sentences of up to 10 years in prison.

Phishing is a type of cybercrime in which a target (or targets) are contacted by email, telephone or text message by someone posing as a legitimate institution to lure those individuals into providing private data such as personally identifiable information, banking and credit card details, and passwords. This type of fraud is covered under s. 380(1) of the Criminal Code as “defrauding the public or any person of property, money, valuable security or a service” and can be penalized with up to 14 years of imprisonment.

Retrieved from: https://datexdatastealth.com/blog/criminal-code-of-canada-article-4


Common specific cybercrime Offences

Identity Theft and Identity Fraud tend to go hand-in-hand. Identity theft is covered in the Criminal Code under s. 402.2 as “obtaining or possessing another person’s identity information with the intent to use it to commit an indictable offence”. Identity theft and identity fraud can be penalized with up to 5 and 10 years of imprisonment respectively.

Criminal Copyright Infringement is a type of electronic theft that involves circumventing a technological protection measure. This particular offence is covered under s. 41.1(1) of the Copyright Act rather than the Criminal Code. Charges of criminal copyright infringement have the potential for fines of up to $1 million, imprisonment for up to 5 years, or a combination of both.

Retrieved from: https://datexdatastealth.com/blog/criminal-code-of-canada-article-4


Canada’s Cyber Security Strategy

The Government of Canada and its partners will work together across three themes:

Security and Resilience

Through collaborative action with partners and enhanced cyber security capabilities, we will better protect Canadians from cybercrime, respond to evolving threats, and defend critical government and private sector systems.

Some cyber systems — such as electricity grids, communications networks, or financial institutions — are so important that any disruption could have serious consequences for public safety and national security. The federal government will work with provinces, territories, and the private sector to help define requirements to protect this digital infrastructure.

Retrieved from https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/index-en.aspx#s1

Canada’s Cyber Security Strategy

The Government of Canada and its partners will work together across three themes:

Innovation

By supporting advanced research, fostering digital innovation, and developing cyber skills and knowledge, the federal government will position Canada as a global leader in cyber security. The Government will focus on emerging areas of Canadian excellence, such as quantum computing and blockchain technologies.

Retrieved from https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/index-en.aspx#s1

Canada’s Cyber Security Strategy

The Government of Canada and its partners will work together across three themes:

Leadership and Collaboration

The federal government, in close collaboration with provinces, territories, and the private sector, will take a leadership role to advance cyber security in Canada and will, in coordination with allies, work to shape the international cyber security environment in Canada's favour.

Retrieved from https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/index-en.aspx#s1

Top eight cybersecurity risks Canadians are facing

1. Phishing
2. Ransomware
3. Distributed-denial-of-service (DDoS) attacks
4. Zero-day attacks
5. Botnet attacks
6. Man-in-the-middle attacks
7. Cryptojacking
8. Spam

Retrieved from: https://www.insurancebusinessmag.com/ca/news/cyber/top-eight-cybersecurity-risks-canadians-are-facing-315532.aspx


Information security conferences

https://infosec-conferences.com/country/canada/

Information security certifications

Retrieved from: https://www.coursera.org/articles/popular-cybersecurity-certifications


Information security certifications

Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Security+
Certified Ethical Hacker (CEH)
GIAC Security Essentials Certification (GSEC)
Systems Security Certified Practitioner (SSCP)
CompTIA Advanced Security Practitioner (CASP+)
GIAC Certified Incident Handler (GCIH)
Offensive Security Certified Professional (OSCP)

Retrieved from: https://www.coursera.org/articles/popular-cybersecurity-certifications


The Canadian Centre for Cyber Security

Explore: https://cyber.gc.ca/en/

Retrieved from: https://www.coursera.org/articles/popular-cybersecurity-certifications


RCMP Cybercrime Strategy

Explore: https://www.rcmp-grc.gc.ca/en/royal-canadian-mounted-police-cybercrime-strategy

The following three pillars are identified within the strategy to guide the RCMP's efforts in combating cybercrime:

•Identify and prioritize cybercrime threats through intelligence collection and analysis;

•Pursue cybercrime through targeted enforcement and investigative action; and,

•Support cybercrime investigations with specialized skills, tools and training.

Retrieved from: https://www.rcmp-grc.gc.ca/en/royal-canadian-mounted-police-cybercrime-strategy


Ontario Cyber Security Framework

Explore: https://www.oeb.ca/sites/default/files/Ontario-Cyber-Security-Framework-20171206.pdf

The risk of security breaches and exposure to cyber-attacks within the electrical energy sector has grown substantially with the implementation of Smart Grids, Smart Metering and Self-Generation. Increased use of automation, different communication networks, and the use of wireless networks, data flows, hand-held electronic devices and the internet of things (IoT) have created attack vectors that have not been considered in the past. As well, the growing demand for real-time data exchange between entities within the province, to support business units, has resulted in increased cyber security risks to Ontario’s energy sector.

In the absence of a recognized electricity transmission/distribution standard or framework for cyber security, the OEB facilitated a consultation to establish a cyber security policy and the development of a Framework to be used as the common basis for assessing and reporting capability to the OEB.

Retrieved from: https://www.rcmp-grc.gc.ca/en/royal-canadian-mounted-police-cybercrime-strategy


NETS 1015: SECURITY MANAGEMENT

Lecture #3
The goal of Information Security Management

What does ISM do?

Information Security Management (ISM) sets the controls that protect confidential, sensitive, and personal information from damage, theft, or misuse.

Retrieved from: https://www.smartsheet.com/content/information-security-management

What is the main objective of ISM?

The main objective of information security management is to prevent data breaches.

Retrieved from: https://www.itgovernance.co.uk/blog/what-is-information-security-management

What are the ways in which data can be breached?

Organizations need to consider the different ways that information can be breached. This can be considered across the three pillars of information security.

The first is confidentiality, which refers to whether information is accessible to or disclosed to unauthorized people.

Second is integrity, which refers to the completeness and accuracy of sensitive information.

Finally, there is the availability of sensitive information, which refers to whether authorized users are able to access information on demand.

Retrieved from: https://www.itgovernance.co.uk/blog/what-is-information-security-management

What are the main goals of information security?

The main goal of information security systems is to guarantee data protection from external and internal threats.

The use of information security systems provides:

•confidentiality of data - only authorized persons have access;

•the availability of information systems with the data contained in them to specific users who have the right to access such information;

•data integrity involves blocking unauthorized changes to information;

•authenticity - completeness and general accuracy of information;

•non-repudiation - the ability to determine the source or authorship of information.

Retrieved from: https://searchinform.com/challenges/information-security/information-security-basics/key-aspects-of-information-security/goals-and-objectives-of-information-security/

How do I prevent a data breach?

The prevention of data breaches begins with risk management, in which an organization identifies its information assets, and the ways they can be compromised.

Retrieved from: https://www.itgovernance.co.uk/blog/what-is-information-security-management

How does one analyze risks?

To do this, organizations must split risk into its constituent components:

•Vulnerabilities: known flaws that can be exploited to damage or compromise sensitive information.

•Threats: the actions by which vulnerabilities are exploited. For example, a cyber criminal leveraging a software flaw.

•Likelihood: how likely it is that a vulnerability will be exploited.

•Impact: the damage that occurs when a threat is exploited.

Retrieved from: https://www.itgovernance.co.uk/blog/what-is-information-security-management

What are the 5 biggest concerns of IT security professionals?

1 Employee negligence or abuse
2 Insufficient resources to get job done right
3 Rapid increase in outsourced IT and data management
4 Open patches and holes in application software
5 Catastrophic attack on IT infrastructure

Retrieved from: https://www.itworldcanada.com/article/what-keeps-security-professionals-up-at-night/19842

NETS 1015: SECURITY MANAGEMENT

Lecture #4
Categories of information security management

What are security controls?

Cybersecurity controls are mechanisms used to prevent, detect and mitigate cyber threats and attacks. Mechanisms range from physical controls, such as security guards and surveillance cameras, to technical controls, including firewalls and multifactor authentication.

Retrieved from: https://www.techtarget.com/searchsecurity/feature/Types-of-cybersecurity-controls-and-how-to-place-them#:~:text=Cybersecurity%20controls%20are%20mechanisms%20used,inclu%20firewalls%20and%20multifactor%20authentication.

What are typical categories of security controls?

• Physical
• Procedural
• Technical
• Compliance
• Regulatory
• Legal
• On-premise

Retrieved from: https://www.techtarget.com/searchsecurity/feature/Types-of-cybersecurity-controls-and-how-to-place-them#:~:text=Cybersecurity%20controls%20are%20mechanisms%20used,inclu%20firewalls%20and%20multifactor%20authentication.

What are typical categories of security controls?

• Cloud
• Administrative
• Cyber security
• Network
• Database
• Purchased software
• In-house developed software
• Operational

Retrieved from: https://www.techtarget.com/searchsecurity/feature/Types-of-cybersecurity-controls-and-how-to-place-them#:~:text=Cybersecurity%20controls%20are%20mechanisms%20used,inclu%20firewalls%20and%20multifactor%20authentication.

How can these security controls themselves be categorized?

• Preventative
• Detective
• Corrective

Retrieved from: https://www.techtarget.com/searchsecurity/feature/Types-of-cybersecurity-controls-and-how-to-place-them#:~:text=Cybersecurity%20controls%20are%20mechanisms%20used,inclu%20firewalls%20and%20multifactor%20authentication.

NETS 1015: SECURITY MANAGEMENT

Lecture #5
Information security breach (incident) response plans

What is an incident response plan?

An incident response plan includes, but is not limited to, the processes, procedures, and documentation related to how an organization detects, responds to, and recovers from incidents.

Cyber threats, natural disasters, and unplanned outages are examples of incidents that will impact networks, systems, and devices.

Retrieved from: https://cyber.gc.ca/en/guidance/developing-your-incident-response-plan-itsap40003

What activities should be conducted before creating an incident response plan?

• Conduct a risk assessment
• Develop the appropriate company policies
• Establish an incident response team
• Create a communication plan
• Educate the company employees

Retrieved from: https://cyber.gc.ca/en/guidance/developing-your-incident-response-plan-itsap40003

What are the elements of an incident response plan?

• Prepare – define the plan objectives, develop incident response policies, implement a reliable backup system, create a HW update and SW patch strategy, develop exercises to test your response plan, revise your plan often based upon test results and changing cyber security landscape.

Retrieved from: https://cyber.gc.ca/en/guidance/developing-your-incident-response-plan-itsap40003

What are the elements of an incident response plan?

• Observe – monitor all systems for potential threats, produce/disseminate reports/events, analyze reports to identify trends and potential reasons to activate the incident response plan.

Retrieved from: https://cyber.gc.ca/en/guidance/developing-your-incident-response-plan-itsap40003

What are the elements of an incident response plan?

• Resolve – contain the threat and apply effective mitigation measures, eradicate the intrusion by restoring the system from a backup, re-check all aspects of the system and patch/update accordingly, preserve evidence/documentation to assist in the analysis of the incident.

Retrieved from: https://cyber.gc.ca/en/guidance/developing-your-incident-response-plan-itsap40003

What are the elements of an incident response plan?

• Understand – identify the root cause of the incident and look for improvements, evaluate the incident response and note what worked well and what should be changed, create a lessons learned document to assist in improving your plan, document and analyse the steps taken to uncover and resolve the specific incident, analyse the lessons learned document for possible response plan improvements.

Retrieved from: https://cyber.gc.ca/en/guidance/developing-your-incident-response-plan-itsap40003

Industry incident response plan frameworks

Retrieved from: https://cyber.gc.ca/en/guidance/developing-your-incident-response-plan-itsap40003

NETS 1015: SECURITY MANAGEMENT

Lecture #6
Media Sanitization

What is media sanitization?

Sanitization is a non-destructive declassifying method to make data non-recoverable while leaving the Media in a re-usable condition in accordance with departmental and GC IT security policy. This ensures the continuing confidentiality of residual data on the Media and minimizes the threat of unauthorized disclosure.

Retrieved from https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006

Why media sanitization?

Media sanitization and disposal is done to:

1. Protect the confidentiality of any residual data on the Media

2. Comply with GC policy for the management and disposal of surplus Media

Retrieved from https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006

Are we really sanitizing?

The sanitization process allows for the declassification of data storage media, permitting its release outside the department.

Historically, Media sanitization consisted of simply erasing the data on the Media or physically destroying the Media.

Current Media technology is more difficult to verifiably erase and/or destroy in accordance with departmental IT security policy.

To reduce sanitization costs, media encryption has emerged as a preferred option.

Retrieved from https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006

Are we really sanitizing?

Encryption throughout the life cycle of the Media facilitates fast and effective sanitization and eases the destruction requirements at the end-of-life of the Media.

Departments are advised to routinely encrypt all Media, throughout their life cycle, to protect the ongoing confidentiality of departmental data after Media decommissioning and disposal.

Traditional overwriting and destruction methods may still be used, but they are more effective in combination with underlying encryption to make data non-recoverable.

Retrieved from https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006

GC Media Sanitization process

Retrieved from https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006

Levels of Sensitivity

The clearing and declassification process utilizes a risk-management approach that considers three broad ranges of sensitivity for data that may persist on IT storage media.

2.1.1.1 Low Sensitivity

1. Media has low sensitivity when it contains only Unclassified or Protected A data. This level applies to the majority of networked computers on unclassified systems where files are centrally stored on servers.

2.1.1.2 Medium Sensitivity

2. Media has medium sensitivity when it contains any Protected B or Confidential data, even where the media might contain data of lower sensitivities.

2.1.1.3 High Sensitivity

3. Media has high sensitivity when it contains any data that is classified Top Secret, Secret or Protected C, or if the Media has ever been attached or connected to a system that contains such data.

Retrieved from https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006

Sanitization Methods

Sanitization is a non-destructive declassifying method to make data non-recoverable while leaving the Media in a re-usable condition in accordance with departmental and GC IT security policy.

The main sanitization methods are:

1. Erase-and-Reset: Although not a true form of full sanitization it is equivalent in some cases.

2. Overwrite and Secure Erase: Traditional processes to remove all data.

3. Crypto Erase: Process to remove encryption keys in order to make encrypted data unreadable.

4. Degaussing: Destruction of the magnetic coherence of data elements on magnetic IT media.

Retrieved from https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006

Destruction Methods

Shredding, Disintegration and Crushing

Incineration and Melting

Knurling and Surface Grinding

Retrieved from https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006

Verification

It is essential that the sanitization of the Media be verified to ensure the confidentiality of departmental data on the Media. There are two types of verification:

•Verify every memory location

•Verify a representative sampling of memory locations

Sanitization effectiveness varies with different Media technology. Legacy sanitization processes may be ineffective and the verification of the sanitization process may be difficult or not possible.

If Media verification cannot be performed, use an alternative sanitization method that can be acceptably verified.

Retrieved from https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006
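
The two verification types above, as an added Python example that is not part of the lecture or of the ITSP.40.006 guidance. It assumes an overwrite with zero bytes, 512-byte sectors and a constructed in-memory image; all function names are hypothetical. It also computes how often a sample of a given size misses a small number of leftover sectors.

```python
import io
import math
import random

SECTOR = 512  # assumed sector size (bytes) for the constructed image


def _sector_clean(dev, off, pattern, sector):
    """True if the sector at byte offset `off` holds only the overwrite byte."""
    dev.seek(off)
    chunk = dev.read(sector)
    return chunk == pattern * len(chunk)  # `pattern` is a single byte


def verify_full(dev, size, pattern=b"\x00", sector=SECTOR):
    """Verify every location: byte offsets of sectors that still hold data."""
    return [off for off in range(0, size, sector)
            if not _sector_clean(dev, off, pattern, sector)]


def verify_sample(dev, size, count, seed=None, pattern=b"\x00", sector=SECTOR):
    """Verify a uniform random sample of `count` sectors, without replacement.
    `seed` only makes a run repeatable; leave it None for a real check."""
    total = -(-size // sector)  # ceiling division: a short last sector counts
    picks = sorted(random.Random(seed).sample(range(total), min(count, total)))
    return [i * sector for i in picks
            if not _sector_clean(dev, i * sector, pattern, sector)]


def miss_probability(total, dirty, sample):
    """Chance that `sample` sectors drawn from `total` include none of the
    `dirty` leftover sectors (hypergeometric probability of zero hits)."""
    return math.comb(total - dirty, sample) / math.comb(total, sample)


def build_sample_image(sectors=4096, leftover=(100, 101, 2048, 4095)):
    """Constructed image: zero-filled except sectors the overwrite missed."""
    img = bytearray(sectors * SECTOR)
    for s in leftover:
        img[s * SECTOR:(s + 1) * SECTOR] = b"RESIDUAL" * (SECTOR // 8)
    return io.BytesIO(bytes(img)), sectors * SECTOR


if __name__ == "__main__":
    dev, size = build_sample_image()
    print("full scan, dirty offsets:", verify_full(dev, size))
    print("256-sector sample, dirty offsets:", verify_sample(dev, size, 256))
    # Both checks read through the normal interface, so blocks the device has
    # remapped or holds in reserve are not covered by either of them.
    print("chance the sample misses all 4 leftover sectors: %.3f"
          % miss_probability(4096, 4, 256))
```

On the constructed image the full scan always reports the four leftover sectors, while a 256-sector sample (about 6% of the image) misses all of them in roughly three runs out of four.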

Reference Links

https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

Retrieved from https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006
