Weekly CISSP Practice Exam Questions
Week 36 - Question 2
What is NOT a common method for Data Sanitization?
A. Clearing
B. Destruction
C. Encryption
D. Purging
Answer: C
Explanation:
A. Clearing
Clearing is a level of sanitization that protects against "keyboard attacks" (simple data recovery tools).
- The Method: It typically involves overwriting the media with a new pattern of data (such as all zeros or random bits).
- The Limitation: It is used for media that will be reused within the same organization or security boundary. It may not prevent recovery using specialized laboratory equipment (like magnetic force microscopy).
B. Destruction
Destruction is the most absolute form of sanitization.
- The Method: This involves physically damaging the media so that it can never be used again. Examples include disintegration, incineration, pulverizing, or shredding.
- The Use Case: This is the preferred method for highly sensitive data or when the storage media (like a failed hard drive) can no longer be overwritten or degaussed.
C. Encryption
Encryption is a Cryptographic Control used to ensure Confidentiality.
- Why it's the Answer: Encryption transforms data so that it cannot be read without a key, but the data (the ciphertext) still exists on the disk. Sanitization aims to remove the data entirely.
- The Nuance: While "Crypto-erasure" (destroying the encryption keys so the data can never be decrypted) is a recognized sanitization strategy, encryption itself is a protection state, not a sanitization method.
D. Purging
Purging is a more advanced level of sanitization than clearing.
- The Method: It makes data recovery infeasible even in a laboratory environment. For magnetic media (HDDs), this often involves degaussing: using a powerful magnetic field to scramble the magnetic domains on the disk.
- The Risk: Degaussing is effective for magnetic disks but does not work for flash-based media like SSDs or USB sticks. For SSDs, purging usually involves a "Secure Erase" command at the firmware level.
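The contrast between clearing, encryption and crypto-erasure in the explanation above, shown on a file that stands in for storage media. This is an added example, not part of the original question or its explanation; it assumes a constructed sample record and uses a one-time pad (XOR with a random key) as a stand-in for the AES a real self-encrypting drive would use.

```python
import os
import secrets
import tempfile
from pathlib import Path

# Constructed sample record standing in for sensitive data on a disk.
SECRET = b"ACCOUNT=4111-1111-1111-1111 PIN=0420"

def write_media(data: bytes) -> str:
    """Write data to a temp file that stands in for storage media; return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

def clear_media(path: str, pattern: bytes = b"\x00") -> None:
    """Clearing: one pass overwriting every byte in place with a fixed pattern."""
    with open(path, "r+b") as f:
        f.write(pattern * os.path.getsize(path))

def encrypt_in_place(path: str) -> bytearray:
    """Encryption: plaintext becomes ciphertext, but every byte stays on the media.
    A one-time pad (XOR with a random key) stands in for the AES a real SED uses."""
    plaintext = Path(path).read_bytes()
    key = bytearray(secrets.token_bytes(len(plaintext)))
    with open(path, "r+b") as f:
        f.write(bytes(p ^ k for p, k in zip(plaintext, key)))
    return key

def decrypt(path: str, key: bytearray) -> bytes:
    return bytes(c ^ k for c, k in zip(Path(path).read_bytes(), key))

def crypto_erase(key: bytearray) -> None:
    """Crypto-erasure: overwrite the key with zeros; ciphertext stays but is unreadable."""
    key[:] = bytes(len(key))

def compare_methods() -> dict:
    """Apply clearing, then encryption, to copies of SECRET; report what each leaves."""
    out = {}
    p = write_media(SECRET)
    clear_media(p)
    out["cleared_plaintext_present"] = SECRET in Path(p).read_bytes()
    Path(p).write_bytes(SECRET)  # fresh copy of the record on the same media
    key = encrypt_in_place(p)
    out["encrypted_recoverable_with_key"] = decrypt(p, key) == SECRET
    crypto_erase(key)
    out["recoverable_after_crypto_erase"] = decrypt(p, key) == SECRET
    out["ciphertext_bytes_remaining"] = os.path.getsize(p)
    os.remove(p)
    return out
```

After clearing, no plaintext remains; after encryption alone, the record is fully recoverable by anyone holding the key, and even after the key is destroyed the same number of ciphertext bytes is still sitting on the media, which is why the exam treats encryption as a protection state rather than a sanitization method.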
Podcasts
Check out my weekly podcasts that delve deep into the relevant topics for each of the CISSP domains. In addition, I go over specific questions and how they can be interpreted and answered.
CISSP Cyber Training Academy
Tired of not knowing how to study for the CISSP Exam?
Check out the CISSP Cyber Training Academy to help you on your journey!
CISSP Cyber Training - YouTube
Check out my video collection on YouTube discussing all the details needed to help you pass the CISSP exam.