Wednesday, May 06, 2009

Why Information Must Be Destroyed, Part Two

Ben Rothke looks at how to destroy digitally stored information. Includes pros and cons of in-house and outsourced data destruction.

In the first installment of Why Information Must Be Destroyed I discussed how not discarding worthless hard copy documents, even though they appear to have no value is a security risk. While this is true for physical hard copies, it is even more relevant for digitally stored data.

This installment deals with the process of destroying hard drives and other digital media. This is commonly known as disk sanitization or data purging.

Unfortunately, far too few organizations realized the need for the issue, and therefore few have formalized processes around data purging.

What needs to be destroyed?

The Unified Compliance Framework (UCF) media destruction recommendations include handling guidance for the destruction of 48 different media types including compact flash drives, electronically erasable PROM (EEPROM), magnetic tape and more. The UCF also identifies the appropriate data elimination practice for each type of data storage asset including the use of secure erase, chemically clean, ultraviolet erase, and shredding.

Ultimately, any device capable of storing data that has reached the end of its usable life must be addressed by a policy that effectively mandates the elimination of any trace of legacy data. Essentially, any storage medium; including optical media, backup media, cassettes, VHS tapes, floppy disks, X-rays, microfiche, microfilm, intelligent mobile devices (BlackBerry, smartphone, etc.), ID cards, and credit cards; that contains any confidential or personal information should be addressed in policies regarding access, retention, handling and destruction. [See also The Seven Deadly Sins of Record Retention.]

For example, a smartphone, be it a BlackBerry or iPhone, presents a significant risk to data loss protection efforts if adequate disposal procedures are not applied. Smartphones often contain a poorly protected image of the user's complete inbox, contact information and other confidential information present on their workstation. Yet, despite security measures to protect workstations and organizational messaging systems, smartphones often are neglected.

To Continue Reading: Click Here
------------------------------------------------------
Source: csoonline.com
By: Ben Rothke
Posted by at

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)