You would think, in any company or agency that has ultra-sensitive information they would leave the most sensitive on a system that is completely cut off and sealed off from every other system. IE A server sitting in a room plugged in only to the power outlet.
But who said there is common sense in the government or corporate world? As we all know the so-called smartest people usually lack common sense.
2. Filter out all of the sensitive stuff
3. Generate a report of the findings for non-secret consumption.
Now how to get it onto the main network for publishing and distribution. Could use a thumbdrive, but it could have a virus on it. Could do some sort of sneakernet, but what if you have dozens of such reports to create on a daily basis?
locations/organizations with sensitive information should have internal networks that have NO physical, external network or internet capable connection and have no user-access points, local or remote that have external connections; even if it means certain people at these locations have more than one PC/terminal that they have to do their work on; and “sharing” sensitive information, even between authorized persons, should NOT be achieved using Internet connections, “secure” or otherwise.