Protecting Data in Decommissioned IT Assets: Factors, Tools and Methods
|
|
- Prudence Shelton
- 8 years ago
- Views:
Transcription
1 SECURIS SM Protecting Data in Decommissioned IT Assets: Factors, Tools and Methods Information Systems Security Association (ISSA) Baltimore Chapter Monthly Meeting January 27, 2016 Hugh McLaurin, CSDS
2 Agenda The need to protect data when IT systems are decommissioned Methods and techniques, tools Important factors to consider What do you do?
3 Two important aspects of managing IT/Electronics end-of-life disposition Protecting the Environment Hazardous materials Reclamation of reusable materials Protecting your Data Customer, company, personal information Preventing data breaches or identity theft PCs, laptops, servers, clients, phones, tablets, copiers
4 Last Line of Defense Companies/institutions go to extraordinary lengths to protect data during life of IT systems Cybersecurity explosion Don t forget to do the same when decommissioning! 4
5 Data Breach Risks Data breach stakes are higher than ever Average cost per breach event in the U.S. = $7.2 M 1 10% of data breaches are due to improper disposal
6 Data Breach Risks Data breach stakes are higher than ever Average cost per breach event in the U.S. = $7.2 M 1 10% of data breaches are due to improper disposal 2 But it s more than an issue of $$ Classified data (e.g., government) in wrong hands Regulated information (e.g., healthcare) Intellectual property and proprietary data Company reputation and trustworthiness Liabilities
7 Plan for Data Protection at End of Life Treat as an integral part of IT asset management and IT system operations A critical piece of the overall cybersecurity solution set It shouldn t be an afterthought Budget How vulnerable and risk averse is your work sector? Healthcare, Financial, Government (incl. contracting), Legal, Regulatory oversight and penalties Classification or sensitivity of data Customer requirements How determined might your adversary be? The tools and vendors you choose depend on these factors One size doesn t necessarily fit all 7
8 Tools for Protecting Data at IT Asset End of Life Degaussing (HDDs, magnetic storage media) Physical destruction (shredding) Solid state devices and Micro-shredding Destruction vs. Sanitization 8
9 Hard Disk Drive Degaussing Intense magnetic field erases data on magnetic media and renders HDDs useless Necessary for classified and extremely sensitive data Equipment listed on NSA Evaluated Products List (EPL) meets rigorous NSA standards Required for DOD/Class projects Typically, classified data requires two-stage process of degaussing followed by shredding Throughput important for larger data destruction jobs 9
10 Data Destruction Securely Shredded Data Storage Devices The brute-force process of physically shredding hard drives, cell phones, tapes and other data storage media and devices Appropriate for most data when coupled with secure chain of custody and state-of-the-art destruction equipment Throughput important for larger data destruction jobs
11 Legacy Data Storage Continues to Evolve HDD size and cost diminish as memory density increases Good news for shredder Impacts decisions on data destruction techniques 11
12 Evolution Includes Transition to Solid State Memory Destruction requires different techniques for non-magnetic storage media (e.g., Flash)
13 In Some Cases, Particle Size Matters Traditional HDD shredders usually aren t appropriate for SSD s or flash memory devices such as SD cards, thumb drives, etc. Typically, a shred dimension of 2 mm or smaller is required (per NSA) to break through the memory chips and securely obliterate the data 13
14 New Technology Requires New Techniques 14
15 Micro Shredding (Hammer Mill) Pulverize Class SSDs, Flash memory, phones/pdas, circuit boards, other solid state devices to meet <2mm particle size standards 15
16 Destroying vs. Sanitizing Memory Why Destroy? NSA does not prescribe software wiping for any type of data storage device Data can be retrieved from dead sectors that are not overwritten when wiped Potential for hidden data in internal memory Shredding better mitigates the risk of human error A wiped drive and a non-wiped drive look exactly the same Wiping takes a long time The higher storage density of the drive, the longer it takes to overwrite the data With higher volumes, you consume more time and processing power (and $) to wipe the drives Evolution of data storage devices Chances are that old hard drive isn t all that useful Shredding is more fun to watch
17 No Such Agencies Class/UnClass Data media_destruction_guidance/ nispom pdf _01_oct_11_2007_final_agreement.pdf Publications/NIST.SP r1.pdf
18 Certifications Requires recyclers to sanitize, purge or destroy all data in secure environment Rigorously audited by independent third party in more than 50 areas 18
19 Additional Factors to Consider Vendor Certifications (NAID AAA, R2 or e-stewards) Secure chain of custody (Processes/procedures, DLIS certification) On-site vs. off-site destruction services Closed-loop, end-end processes and partnerships Documentation Certificate of Data Destruction Asset Report Traceability from your custody to destruction/disposition 19
20 The IT Infrastructure Landscape Has Evolved
21 The Internet of Things Data Gone Wild Re-evaluate: Vulnerabilities Methods Tools 21
22 Contact Information Hugh McLaurin, CSDS Owner, Securis Central Maryland Office Cell
23 Securis Core Strengths Responsible E-waste Recycling & End of Life Disposition Onsite removal service for recycling of retired IT assets in compliance with our Zero-Export, Zero-Landfill Policy and R2 Certification Data Shredding Mobile industrial shredder or Micro Shredder destroy computer hard drives, solid state drives, cell phones, back-up tapes, DLT, LTO, and other data storage devices onsite with staff witness or off-site at our secure processing facility Data Degaussing Mobile State-of-the-art LM-4 degausser is specially designed to destroy large quantities of magnetically-stored electronic media onsite at your facility with a staff witness or off-site at our secure processing facility Chain of Custody Auditing & Reporting Final documentation includes auditable inventory list of all IT assets that were recycled or destroyed as well as a Certificate of E-waste Recycling and Destruction for your records
24 Securis Recycling Process From Start to Finish Onsite removal service of all IT assets Downstream processing of parts in compliance with Zero-Export, Zero- Landfill policy Secure, End-to-End Process Scanning for auditable inventory list Physical disassembly of units at Securis s secure facility All units checked for data
25 Securis Background Experience 10+ years of experience in IT asset disposal and data destruction Locations 8 East Coast locations - Maryland franchise locations opened in 2013 Certifications R2 (recycling) and NAID AAA (data destruction) Customers Government (Federal, State and Local) Government Contractors Financial Institutions Healthcare Educational Institutions Technology Sector, etc.
26 Securis Process for Classified Data Destruction Compliant with DSS and NSA requirements Step-by-step written description of the Securis process for the destruction of government classified hard drives Onsite at the government or contractor s facility Off-site at Securis facility 26
That s why outsourcing using a Qualified Contractor is the best solution to the problem of assuring a compliant hard drive destruction audit trail.
Why Zak Enterprises? Information contained on the hard drives of retired computers must be destroyed properly. Failure to do so can result in criminal penalties including fines and prison terms up to 20
More informationCD ROM, Inc. 2014 Commercial Catalog. Destruction and Recycling Services
Destruction and Recycling Services An ISO 9002-compliant company Audited 100% data destruction and green recycling 2014 Commercial Catalog Edition 2014 www.cdrominc.com CD Rom, Inc. Table of Contents About
More informationCENTRALLY MANAGED PROCESS MINIMIZING RISK MAXIMIZING REMARKETING VALUE
IT ASSET DISPOSITION Technology is introduced to business workflows to increase productivity and boost earnings. When the time comes to remove off-lease and end-oflife IT assets, shouldn t those goals
More informationA Guide to Minimizing the Risk of IT Asset Disposition
A Guide to Minimizing the Risk of IT Asset Disposition Who is concerned about risk? They may not think about it terms of risk, but almost everyone at your organization is worried about the chinks in its
More informationForm #57, Revision #4 Date 7/15/2015 Data Destruction and Sanitation Program. Mobile (ON-SITE) Data Destruction/Shredding Services
Data Destruction and Sanitation Program Mobile (ON-SITE) Data Destruction/Shredding Services 1 Diversified Recycling utilizes state of the art equipment for their data destruction and eradication services.
More informationSecure Mobile Shredding and. Solutions
Secure Mobile Shredding and Data Erasure Solutions SECURE MOBILE SHREDDING & DATA ERASURE SERVICES... NCE s mobile shredding and data erasure service permanently destroys your data in a secure and controlled
More informationDestruction and Disposal of Sensitive Data
Destruction and Disposal of Sensitive Data Good Practice Guidelines Version: 3.0 Date: March 2015 1 Copyright 2015, Health and Social Care Information Centre. Contents 1. Introduction 3 1.2 Aims and Objectives
More informationSamsung WEEE Management Policy (US and Canada)
Samsung WEEE Management Policy (US and Canada) 1. Purpose These requirements aim to minimize environmental impacts caused by all Electronic Waste generated by Samsung's US and Canadian operations and programs,
More informationOther terms are defined in the Providence Privacy and Security Glossary
Subject: Device and Media Controls Department: Enterprise Security Executive Sponsor: EVP/COO Approved by: Rod Hochman, MD - President/CEO Policy Number: New Date: Revised 10/11/2013 Reviewed Policy Owner:
More informationSecure Data Destruction
Secure Data Destruction Secure Data Elimination (Degauss) Onsite Magnetic Degaussing service eliminates data from Tape and Magnetic Hard Disk media Portable machines allow for degaussing to be competed
More informationNATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY MANUAL 9-12. Issue Date: 15 December 2014 Revised:
NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY MANUAL 9-12 Issue Date: 15 December 2014 Revised: NSA/CSS STORAGE DEVICE SANITIZATION MANUAL PURPOSE AND SCOPE This manual provides guidance
More informationChallenges and Solutions for Effective SSD Data Erasure
Challenges and Solutions for Effective SSD Data Erasure Blancco White Paper Published 8 October 2013 First Edition Table of contents Introduction...3 The Simplicity And Complexity Of SSDs...4 Traditional
More informationDigital Data Destruction D3 Services, Inc.
Audited 100% Data Destruction and Green Recycling An ISO 9002 Compliant Company GSA Catalog Nov 2009 Edition 9-03 General Service Administration Federal Supply Catalog Digital Data Destruction Services,
More informationUMBC POLICY ON ELECTRONIC MEDIA DISPOSAL UMBC# X-1.00.05
UMBC POLICY ON ELECTRONIC MEDIA DISPOSAL UMBC# X-1.00.05 I. POLICY STATEMENT Increasing amounts of electronic data are being transmitted and stored on computer systems and electronic media by virtually
More informationTechnical Reference Document Summary of NIST Special Publication 800-88: Guidelines for Media Sanitization
TECHNICAL REFERENCE DOCUMENT Technical Reference Document Summary of NIST Special Publication 800-88: Guidelines for Media Sanitization Recommendations Key Points: of the National Real world compliance
More informationUnderstanding Data Destruction and How to Properly Protect Your Business
Understanding Data Destruction and How to Properly Protect Your Business Understanding Data Destruction and How to Properly Protect Your Business I. Abstract This document is designed to provide a practical
More informationMEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER
MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER EXECUTIVE SUMMARY The combination of an increasingly mobile workforce and rapid technology innovation means organisations must work harder
More informationCCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd
CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd DESTRUCTION OF DATA ON HARD DRIVES, COMPUTER STORAGE MEDIA AND HANDHELD DEVICES INCORPORATING WEEE RECYCLING MANAGEMENT Version 1 VENDOR DETAILS Data Eliminate
More informationNo More Disks. No More Data. No More Doubt. Goodbye Disks. Goodbye Doubt.
No More Disks. No More Data. No More Doubt. Goodbye Disks. Goodbye Doubt. Data disposal can be a tricky path to navigate. You re looking for an answer, but there aren t many that are 100% reliable, can
More informationThe nation s largest privately held records and information management company
The nation s largest privately held records and information management company Our mission is clear: to lead the records and information management industry by providing our clients the very best service.
More informationBest Practices for Responsible Disposal of Tape Media
Best Practices for Responsible Disposal of Tape Media The Environmental and Economic Benefits of Recycling vs. Destruction White Paper The Data Media Source San Jose, CA Data Media Source 2006 For use
More informationالدكتور عادل إسماعيل العلوي الجامعة الملكية للبنات البحرين نائب رئيس الجمعية الدولية لضبط ومراقبة نظم المعلومات
- البحرين الدكتور عادل إسماعيل العلوي الجامعة الملكية للبنات البحرين نائب رئيس الجمعية الدولية لضبط ومراقبة نظم المعلومات Agenda The problem Traditional Methods Case Study Recommendation The problem What
More informationData Security for ITAD, Corporate & Consumer Electronics
Up cy cle \ ŭp-sỳ-kil\ v (ca. 2011) 1. the action of giving devices a second life 2. the mission to keep electronics out of landfills 3. to fund important causes without writing a check 4. to nearly double
More informationStudent Guide. informationsecurity.training@dss.mil
Short: Disposal and Destruction of Classified Information Objective POC Estimated completion time Identify the who, what, when, why, and how concerning disposal and destruction of classified information
More informationArrow IT Asset Disposition Trends Report
IT Asset Disposition ITAD Trends Report Arrow IT Asset Disposition Trends Report The data is in, and IT-industry practitioners have made it clear that concern over data security is the number one reason
More informationIT asset disposal for organisations
ICO lo Data Protection Act Contents Introduction... 1 Overview... 2 What the DPA says... 3 Create an asset disposal strategy... 3 How will devices be disposed of when no longer needed?... 3 Conduct a risk
More informationResponsibly Retiring IT Assets, Medical or Laboratory Equipment
Responsibly Retiring IT Assets, Medical or Laboratory Equipment Agenda Introductions David Zimet, President, Hesstech, LLC Industry Overview Key Issues When Retiring Electronic Equipment Data Security
More informationSolid-State Drives with Self-Encryption: Solidly Secure
Solid-State Drives with Self-Encryption: Solidly Secure 09/22/2011 Michael Willett Storage Security Strategist SAMSUNG SOLID STATE DRIVES Solid-State Drives SSD ADVANTAGES SOLID STATE DRIVES Save $$ on
More informationOffice Equipment Disposal Policy
Office Equipment Disposal Policy R ISK MANAGEMENT HANDOUTS OF L AWYERS MUTUAL LAWYERS MUTUAL LIABILITY INSURANCE COMPANY OF NORTH CAROLINA 5020 Weston Parkway, Suite 200, Cary, North Carolina 27513 Post
More informationHow To Destroy Data From A Hard Drive
Safe, Secure and Certified Data Destruction Solutions to meet your individual needs Whether you require data destruction supplementary or exclusively to our IT disposal solution, our fully security screened
More informationState of Vermont. Digital Media and Hardware Disposal Standard. Date: Approved by: Policy Number:
State of Vermont Digital Media and Hardware Disposal Standard Date: Approved by: Policy Number: 1.0 INTRODUCTION... 3 1.1 Authority... 3 1.2 Scope and Purpose:... 3 2.0 STANDARD... 3 2.1 Preface... 3 2.2
More informationMedia Disposition and Sanitation Procedure
Media Disposition and Sanitation Procedure Revision History Version Date Editor Nature of Change 1.0 11/14/06 Kelly Matt Initial Release Table of Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope...
More informationsecure shredding Services Secure, Compliant, Cost-Effective, Environmentally Responsible Information Destruction Secure Shredding
secure shredding Secure Shredding Services Secure, Compliant, Cost-Effective, Environmentally Responsible Information Destruction Does This Sound Familiar? I want to protect my company s reputation and
More informationPreventing Final Disposition Data Breaches
Preventing Final Disposition Data Breaches How to Evaluate an ITAD Vendor for Your Organization By: Jim Kegley Founder, President and CEO, U.S. Micro Corporation The IT asset disposition (ITAD) industry
More informationApproved By: Agency Name Management
Policy Title: Effective Date: Revision Date: Approval(s): LASO: CSO: Agency Head: Media Protection Policy Every 2 years or as needed Purpose: The intent of the Media Protection Policy is to ensure the
More informationValue Recovery Enterprise IT Asset Disposition
Value Recovery Enterprise IT Asset Disposition arrowvaluerecovery.com Enterprise IT Asset Disposition The world of Five Years Out is all about new thinking, new materials, new standards New everything.
More informationTable of Contents 01 How to minimize cost in the ITAD Process. 02 Four ways to maximize investment recovery
IT Asset Manager s Guide to Disposition As the person accountable for managing the life cycle of your organization s IT assets, you have a number of unique concerns in regard to the disposition of those
More informationDoes it state the management commitment and set out the organizational approach to managing information security?
Risk Assessment Check List Information Security Policy 1. Information security policy document Does an Information security policy exist, which is approved by the management, published and communicated
More informationBuilding an ITAD Program:
Building an ITAD Program: What Your Company Needs To Know By: Integrated Communications & Technologies Contents 3 4 6 7 8 9 Introduction Understanding The Concepts of IT Asset Disposition Evaluating by
More informationSJSU Electronic Data Disposition Standard
SJSU Electronic Data Disposition Standard Page 1 Executive Summary University data is at risk as long as it is persistently stored on electronic media. This means that data must be properly cared for during
More informationwww.datasecurityinc.com 1-800-225-7554 sales@telesis-inc.com
www.datasecurityinc.com 1-800-225-7554 sales@telesis-inc.com Overview For more than 27 years Data Security Inc. has been manufacturing degaussers to support the Department of Defense (DoD) requirements
More informationStopping Leaks: How to Confront the Challenges of Endpoint Information Security from HDD. Whitepaper
Stopping Leaks: How to Confront the Challenges of Endpoint Information Security from HDD intimus consulting is a division of the MARTIN YALE GROUP Bergheimer Strasse 6-12 88677 Markdorf / Germany www.intimusconsulting.com
More informationTrustworthy Mobile Security for Smartphones, Tablets, etc. Is there an App for that?
Trustworthy Mobile Security for Smartphones, Tablets, etc. is there an App for that? intimus consulting is a division of the MARTIN YALE GROUP Bergheimer Strasse 6-12 88677 Markdorf / Germany www.intimusconsulting.com
More informationWaste, Not! Recovering Value from Unused and Surplus IT Assets
Waste, Not! Recovering Value from Unused and Surplus IT Assets A CNE Direct Whitepaper Contents 2 Introduction 3 The Asset-Value Recovery Landscape 4 Five Steps to Maximizing Asset-Value Recovery 6 Conclusion
More informationFIVE BEST PRACTICES FOR PROTECTING BACKUP DATA
OFFSITE DATA PROTECTION FIVE BEST PRACTICES FOR PROTECTING BACKUP DATA Backup encryption should be one of many activities that formulate a comprehensive security strategy. In many environments, storage
More informationManaging Records: Retention, Destruction and Disposal
Managing Records: Retention, Destruction and Disposal Presentation by Jennifer L. Cox, J.D. Cox & Osowiecki, LLC Hartford, CT April 10, 2014 Today s Program Identify the universe of records involved Distinguish
More informationManaging and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS
Managing and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS Blancco White Paper Published 14 February 2013 Introduction Advanced mobile devices like
More informationPayment Card Industry (PCI) Policy Manual. Network and Computer Services
Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology
More informationThis article first appeared in the International Technology Law Association s ebulletin, Volume 2, Issue 3, summer 2008.
Designing a Co m p l i a n t Re c o r d Retention Policy for Your Business This article first appeared in the International Technology Law Association s ebulletin, Volume 2, Issue 3, summer 2008. by Jenna
More informationT: 01 88 45 999 www.cyclonearchive.ie. Records Management Made Simple.
Records Management Made Simple. Document Storage Cyclone offers customers a complete end -to-end service including box collection, bar code tracking, document retrieval, delivery, and status reporting.
More informationDeciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
More informationTABLE OF CONTENTS MRK GROUP LTD CAPABILITIES 2 GSA AWARDED TERMS AND CONDITIONS 3 AWARDED GSA PRICE LIST 6
GENERAL SERVICES ADMINISTRATION FEDERAL SUPPLY SERVICE 899-ENVIRONMENTAL SERVICES AUTHORIZED FEDERAL SUPPLY SCHEDULE PRICE LIST On-line access to contract ordering information, terms and conditions, up-to-date
More informationHIPAA Training for Hospice Staff and Volunteers
HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you
More informationProperty Accounting Procedure Manual
Property Accounting Procedure Manual Property Accounting Procedure 06-2013 1 Table of Contents Property Accounting Responsibilities... 3 General Guidelines Concerning Capital Equipment... 3 Acquisition...
More informationdocument destruction Our passion.
document destruction Your office. Our passion. safeguard Our secure destruction service meets all the necessary compliances and helps to support ISO 9001, ISO 14001 and CSR objectives as well as improving
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationCITY UNIVERSITY OF HONG KONG. Information Classification and
CITY UNIVERSITY OF HONG KONG Handling Standard (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification
More informationInformation Technology Services Guidelines
Page 1 of 10 Table of Contents 1 Purpose... 2 2 Entities Affected by These Guidelines... 2 3 Definitions... 3 4 Guidelines... 5 4.1 Electronic Sanitization and Destruction... 5 4.2 When is Sanitization
More informationPCI Data Security and Classification Standards Summary
PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers
More informationRECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management
RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES Cost-Effective, Legally Defensible Records Management Does This Sound Familiar? A data breach could send our share price tumbling. I need to minimise our
More informationInformation retention and disposal guide. Date: 31 October 2014 Version: 2.0
Information retention and disposal guide Date: 31 October 2014 Version: 2.0 Contents 01. Guidelines The data challenge 5 Compliance what is it and why is it important? 6 The compliant data journey 7 Case
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationOUR SERVICES... SUPPLY CHAIN SERVICES ONSITE SERVICES IT RECYCLING SERVICES
SERVICES OVERVIEW OUR SERVICES... ONSITE SERVICES Onsite Shredding Services Onsite Data Erasure Services Onsite Document Destruction Services Onsite Hard Drive Destruction Services Data Centre Decommissioning
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationCopier Data Security:
Copier Data Security: A Guide for Businesses Federal Trade Commission business.ftc.gov Does your company keep sensitive data Social Security numbers, credit reports, account numbers, health records, or
More informationCopier Data Security:
Copier Data Security: A Guide for Businesses Federal Trade Commission business.ftc.gov Does your company keep sensitive data Social Security numbers, credit reports, account numbers, health records, or
More informationAsset recovery Balancing risk and opportunity
Asset recovery Balancing risk and opportunity Table of contents Executive summary...2 Risks and rewards in the asset recovery process...2 Opportunities in asset recovery...2 The challenge of the IT lifecycle...3
More information**************** UNCLASSIFIED / **************** Precedence: ROUTINE DTG: 281759Z Aug 12 Originator: DON CIO WASHINGTON DC(UC) UNCLASSIFIED//
**************** UNCLASSIFIED / **************** Precedence: ROUTINE DTG: 281759Z Aug 12 Originator: DON CIO WASHINGTON DC(UC) UNCLASSIFIED// FROM: DON CIO WASHINGTON DC TO: ASN(M&RA) ASN(RD&A) ASN(EI&E)
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationwww.williamsdatamanagement.com 323-234-3453
www.williamsdatamanagement.com 323-234-3453 RECORDS MANAGEMENT Since 1922, Williams has provided its clients world class services and technologies ensuring the safety, security, and protection of their
More informationUniversity of Wisconsin-Madison Policy and Procedure
Page 1 of 6 I. Policy UW-Madison strives to ensure the privacy and security of all patient/clients protected health information in the maintenance, retention, and eventual destruction/disposal of such
More informationhttp://www.guardianedge.com/
Full Disk Encryption & IT Asset Disposition: Protecting Data During the PC Disposal Process A GuardianEdge White Paper 4/7/2006 The information contained in this document represents the current view of
More informationA comprehensive tape storage solution that meets the need for back-up, archive, disaster recovery and application storage, while reducing your cost
A comprehensive tape storage solution that meets the need for back-up, archive, disaster recovery and application storage, while reducing your cost of ownership. What is datassure TM? From simple labelling
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationContents. Instructions for Using Online HIPAA Security Plan Generation Tool
Instructions for Using Online HIPAA Security Plan Generation Tool Contents Step 1 Set Up Account... 2 Step 2 : Fill out the main section of the practice information section of the web site.... 3 The next
More informationRecord Custodian to Health Information Steward Best Practices in Record Retention, Storage, and Destruction
Record Custodian to Health Information Steward Best Practices in Record Retention, Storage, and Destruction Indian Health Services Health Information Management Meeting Sharon Lewis, MBA, RHIA, CHPS, CPHQ
More informationComputer Storage. Computer Technology. (S1 Obj 2-3 and S3 Obj 1-1)
Computer Storage Computer Technology (S1 Obj 2-3 and S3 Obj 1-1) Storage The place in the computer where data is held while it is not needed for processing A storage device is device used to record (store)
More informationKeep Your Data Secure: Fighting Back With Flash
Keep Your Data Secure: Fighting Back With Flash CONTENTS: Executive Summary...1 Data Encryption: Ensuring Peace of Mind...2 Enhanced Encryption and Device Decommission in the Enterprise...3 Freeing Up
More informationHIPAA Training for Staff and Volunteers
HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help
More informationHard Drive Retention Offering for Xerox Products in the United States
Hard Drive Retention Offering for Xerox Products in the United States November 19, 2013 2013 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation in the
More informationBeazley presentation master
The Art of Breach Management Beazley presentation master February 2008 A Brief Review of Data Breaches What is a Data Breach? Actual release or disclosure of information to an unauthorized individual/entity
More informationwww.infoshred.com LLC Your key to secure information management.
www.infoshred.com LLC Your key to secure information management. History of the Company Infoshred began in 1993 as a division of Recyclers LLC, a South Windsor, CT recycling business. Its creation was
More informationDeveloping a Records Retention Program
Developing a Records Retention Program This site is intended to help you design and implement a records retention program for your organization. Here you will find a basic explanation of a records retention
More informationSpecial Presentation: HIPAA Survival. Dr. Ty Talcott CHPSE PH: 214.437.7559 admin@hipaacomplianceservices.com
Special Presentation: HIPAA Survival Dr. Ty Talcott CHPSE PH: 214.437.7559 admin@hipaacomplianceservices.com A Little about me. Ski Lift Acrobatics Do you know the Four New Threats to chiropractors for
More informationConsiderations for Outsourcing Records Storage to the Cloud
Considerations for Outsourcing Records Storage to the Cloud 2 Table of Contents PART I: Identifying the Challenges 1.0 Are we even allowed to move the records? 2.0 Maintaining Legal Control 3.0 From Storage
More informationPrivacy Data Loss. Privacy Data Loss. Identity Theft. The Legal Issues
Doing Business in Oregon Under the Oregon Consumer Identity Theft Protection Act and Related Privacy Risks Privacy Data Loss www.breachblog.com Presented by: Mike Porter March 10, 2009 2 Privacy Data Loss
More informationGet rid of it Securely to keep it Private
Get rid of it Securely to keep it Private Best Practices for the Secure Destruction of Personal Health Information Information and Privacy Commissioner, National Association for Information Destruction,
More informationRecycling Electronics to Create Local Jobs for People with disabilities
A 501c3 Social Enterprise COLORADO SPRINGS ENVIRONMENTAL HEALTH & SAFETY REPORT Recycling Electronics to Create Local Jobs for People with disabilities www.bluestarrecyclers.com 2016 Blue Star Recyclers
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationARCHIVE CORPORATION Professional Information Management Since 1984
Professional Information Management Since 1984 SECURE DATA SERVICES HARD COPY STORAGE for Paper Records BACKUP DATA VAULTING for Magnetic Media SCANNING SERVICES for Daily Documents or Projects *Document
More informationThere are many examples of sensitive information falling into the wrong hands. What s the worst that can happen? The worst has already happened.
Data Spills Short Introduction There are many examples of sensitive information falling into the wrong hands. What s the worst that can happen? The worst has already happened. When data spills occur, they
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationGUIDE TO: DATA RECOVERY & DATA DESTRUCTION SPONSORED BY WWW.ONTRACKDATARECOVERY.COM.SG
WWW.ONTRACKDATARECOVERY.COM.SG CONTENTS: INTRODUCTION TYPES OF DATA AND MEDIA DAMAGE AND OPTIONS FOR RECOVERY THE CHALLENGES OF DATA RECOVERY FROM VIRTUAL MACHINES INCLUDING DATA RECOVERY IN YOUR BYOD
More informationHard drives dumped; information isn't DON'T BE SMUG IN THINKING PERSONAL DATA HAS BEEN ERASED By Larry Magid Special to the Mercury News
Erase Your Hard Drive Permanently erase files, emails, & Data from hard drive. Guaranteed! O&O DiskRecovery V3.0 Data Recovery for Windows with DeepScan function - Free Trial Delete porn history files
More informationHarbinger Escrow Services Backup and Archiving Policy. Document version: 2.8. Harbinger Group Pty Limited Delivered on: 18 March 2008
Document version: 2.8 Issued to: Harbinger Escrow Services Issued by: Harbinger Group Pty Limited Delivered on: 18 March 2008 Harbinger Group Pty Limited, Commercial in Confidence Table of Contents 1 Introduction...
More informationCITY UNIVERSITY OF HONG KONG. Inventory and Ownership Standard
CITY UNIVERSITY OF HONG KONG Inventory and Ownership Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information Officer in September
More informationSeptember 28 2011. Tsawwassen First Nation Policy for Records and Information Management
Tsawwassen First Nation Policy for Records and Information Management September 28 2011 Tsawwassen First Nation Policy for Records and Information Management Table of Contents 1. RECORDS AND INFORMATION
More informationHIPAA & HITECH AND THE DISCOVERY PROCESS
HIPAA & HITECH AND THE DISCOVERY PROCESS HEATHER L. HUGHES, J.D. U.S. Legal Support, Inc. 363 North Sam Houston Parkway East, Suite 900 Houston, Texas 77060 (713) 653-7100 State Bar of Texas 8 th ANNUAL
More information