- Robert Elliott
- 8 years ago
Transcription
2 Overview For more than 27 years Data Security Inc. has been manufacturing degaussers to support the Department of Defense (DoD) requirements for complete erasure of classified or sensitive magnetic storage devices. Data Security Inc.'s main focus is to develop and manufacture high performance degaussers and hard drive destruction devices that guarantee the complete erasure of data stored on existing and future magnetic data storage formats. Because of Data Security's continuing focus on meeting National Security Agency (NSA) standards, we have developed a close working relationship with them. This relationship gives us insight into current and future media formats, as well as the various requirements for sanitizing them. Degaussers listed in the NSA Evaluated Products List-Degausser are ideal tools for organizations required to comply with DoD requirements, NISPOM, National Institute of Standards and Technology (NIST), Federal Information Security Management Act (FISMA) and privacy legislation, including the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).
3 Data at Risk
Data at Risk: Classified or Sensitive; DoD; Defense Contractors; Proprietary Information; Personal Identity Information; SSN; Banking; Health care information.
Media at Risk: Desktop Hard Drives; Laptop/Notebook Hard Drives; HDDs in storage array; Server Drive; External USB Drives; Firewire Drives; USB Devices; Magnetic Tapes; Flash Cards; CD & DVD.
Acquisition Methods: Dumpster Diving; Acquire improperly sanitized electronic media; Laboratory reconstruction; Hot Swapped Media; Media in Transport; Theft.
"Developing countries do not have enough funding to catch up to developed countries, so they steal information and technology." -FBI
"Identity theft costs $50 billion/year." -Federal Trade Commission
4 Data at Risk: In the News
Electronic Afterlife: What you don't want to know about improper computer disposal, but should
Hundreds of thousands of tons of E-waste are shipped overseas to developing countries each year, even after promises that the waste will be safely and locally recycled. Many of the countries receiving our E-waste are listed by the U.S. Department of State as the top sources of cyber crime. -Peter Klein, Digital Dumping Ground Documentary (2009)
PA: Health Insurer Loses Hard Drive Comprising 280,000 Medicaid Patients
Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan announced that a hard drive containing the personal health information has been misplaced. Yet to be recovered, the drive contains patient addresses, DOBs, health information, and both full and partial Social Security numbers. -Jane M. Von Bergen, The Philadelphia Inquirer (October 2010)
TX: Stolen Hard Drive Compromises 79,000 Airline Employees
American Airlines reported a hard drive stolen from headquarters. The drive contains sensitive files for current and former employees dating back to 1960, including Social Security numbers, health insurance, and bank accounts. Some employee files also contained information on beneficiaries and dependents. -Angela Moscaritolo, SC Magazine (July 2010)
NJ: Data Breach Costs Credit Card Payment Company $130 Million
After agreeing to a $60 million settlement with Visa earlier in the year, Heartland Payment Systems has added another $41 million for MasterCard as the result of a 2008 data breach which resulted in thousands of fraudulent charges. - (June 2010)
5 Regulatory Environment
6 Regulatory Environment
The NIST Guidelines for Media Sanitization refer to the NSA for products to sanitize magnetic media. (NIST Special Publication , pg)
The HIPAA Security Rule (SR) requires the final disposition of information and/or the hardware or electronic media on which it is stored; HIPAA refers to NIST/NSA. (Department of Health & Human Services, HIPAA Physical safeguards; Final Rule)
Under the HITECH Act ("The Act"), business associates are now directly on the compliance hook; i.e., required to comply with the Security Rule (SR) or be fined for willful neglect ($250,000 per fine). (HITECH Act Sec Application of Security Provisions and Penalties to Business Associates of Covered Entities; Annual Guidance on Security Provisions)
The Gramm-Leach-Bliley (GLB) Act requires financial institutions to ensure the security and confidentiality of personal information obtained from their customers by erasing, degaussing or destroying electronic media. (GLB Act, 15 U.S.C et seq., and the Federal Trade Commission's Standards for Safeguarding Customer Information, 16 CFR Part 314 Safeguards Rule)
The Payment Card Industry (PCI) Data Security Standard directs the destruction of media containing cardholder data when it is no longer needed, as follows: "Render cardholder data on electronic media unrecoverable so that cardholder data cannot be reconstructed (for example, degaussing)." (PCI DSS Requirements and Security Assessment Procedures, V1.2.1 pg 46)
7 ISFO Process Manual Rev , page 152
8 ISFO Process Manual Rev , page 151 Note: The terms Type I-III are being replaced by the actual media coercivity rating.
9 Degausser Dictionary
degauss (dē-gous) tr.v. degaussed, degaussing, degausses 1. To neutralize the magnetic field of (a ship, for example). 2. To erase information from (a magnetic disk or other storage device).
Gauss: the CGS unit of magnetic flux density or magnetic induction.
Oersted: the CGS unit of magnetic field strength. The magnetic field produced at the center of a solenoid or coil. Magnetic field strength of one Oe is equivalent to magnetic flux density of one gauss.
Coercivity: the amount of applied magnetic field required to reduce magnetic induction to zero. Coercivity is usually measured in oersteds.
10 Previous NSA Test Procedure
11 Current NSA Test Procedure
Center for Magnetic Recording Research at the University of San Diego, California (CMRR)
Guarantee that no data can be recovered by any means, including laboratory attack.
Test degaussers and test media: Strength; Uniformity; Potential Useful life; Stress Test (durability); Coercivity of media; Guaranteed erasure; Uniformity of degausser field.
12 Current NSA Test Procedure
13 Current NSA Test Procedure [Figure: HD-5T, 5000 Oersted disk, before and after]
14 DoD Data Recovery Methods
Disk
Spin-Stand Testers: Used for testing and experimenting with heads and disks. Used mostly for R&D. Tester writes specific data or servo pattern. Very accurate for analyzing raw disks. Reading a disk that has been written by a drive is more challenging. Not cost-effective for routine data recovery.
Magnetic Force Microscopes (MFM): Best tool for analyzing magnetic data on disks. Provides extraordinary imagery of the topology disk properties. Probe is placed on the disk surface. Time consuming. Excellent tool for reading overwritten data. Overwritten tracks leave portions of previously written data due to head shift: physical movement of drive; age of disk drive; deteriorating lubricants. Current technology used by the NSA.
Tape
Ferrofluidic Imaging: Liquid which becomes strongly polarized in the presence of a magnetic field. Composed of nanoscale ferromagnetic particles suspended in a carrier fluid, usually an organic solvent or water. Tape tracks are made visible by coating the tape with a ferrofluid that is magnetically developing.
15 Commercial Data Recovery Methods
Disk: Assess Disk Drive
Operational: Mirror data; Create raw image to new media.
Component Failure: Replace defective components; Mirror data; Create raw image to new media.
Logical/Software Failure: Examining raw image at the low-level data sectors; Apply fixes to file system structure; Access data; Restore data.
Tape: Assess Tape Media
Operational: Test accessibility with lab equipment.
Component Failure: Clean, splice and re-spool into new cartridge; Create raw image from readable portions; Examine low-level data sectors; Determine tape fixes to format structures; Access data; Restore data.
16 NSA/CSS Evaluated Products List-Degausser
Introduction: The EPL-Degausser (Evaluated Products List Degausser) specifies the model identification of current equipment units that were evaluated against and found to satisfy the requirements for erasure of magnetic storage devices that retain sensitive or classified data. Degaussers listed in this document are rated by the coercivity of the magnetic storage devices they can securely erase (tape and disk storage devices). Tape storage devices are defined as any product that contains magnetic tape as the recording medium. Disk storage devices are defined as any product that contains a flexible or rigid disk as the recording medium. Proper use of this equipment is necessary to prevent inadvertent disclosure of any level of classified or sensitive information. Any questions about equipment operations should be directed to the manufacturer.
17 Media Specifications [Figure: Hard Drive Coercivity Chart]
18 Disk Recording
Longitudinal Recording: Each bit of information is represented by a collection of magnetized particles. North and south poles are oriented in one direction or the other, parallel to the disk's surface, in a ring around its center.
Perpendicular Recording: Poles are arranged perpendicular to the disk's surface. More bits can be packed onto a disk.
19 NSA/CSS Evaluated Products List-Degausser 9. Standalone Degaussers: These are standalone electromagnetic degaussers that provide automatic one pass operation for disk and tape storage device erasure. On hard disk drives, all extraneous steel shielding materials (e.g., cabinets, casings, and mounting brackets), but not the hard disk assembly, must be removed before degaussing. The degaussers must be operated at their full magnetic field strength. The erasure of hard disk drives causes damage that prohibits their continued use.
20 NSA/CSS Evaluated Products List-Degausser
21 HD-5T Degausser and DB-4000 Disk Drive Bender DUO
Key Features: Listed on the National Security Agency (NSA) Evaluated Products List-Degausser (EPL-Degausser) NSA/CSS-EPL-9-12A. Meets all NSA, DoD, state, federal, financial and health care regulations, mandates and security guidelines. Simple, automatic operation; designed for reliability, performance, and operator safety. Fast; a combined cycle time of seconds per cycle with a throughput of drives per hour. Unique, internal Field CheckR provides magnetic field verification of the HD-5T degausser and satisfies requirements for degausser testing. With the largest chamber in an automatic destruction device, the DB-4000 accommodates oversized media as well as multiple pieces per cycle. Compact, lightweight and mobile; the optional cart provides the convenience of combining the degausser and destruction device in one place while providing effortless mobility. Built to last; requires no preventative maintenance or expensive repairs.
22 HPM-2 Degausser and DB-6000 Disk Drive Bender DUO
Key Features: Listed on the National Security Agency (NSA) Evaluated Products List-Degausser (EPL-Degausser) NSA/CSS-EPL-9-12A. Meets all NSA, DoD, state, federal, financial and health care regulations, mandates and security guidelines. Fast; a combined cycle time of seconds per cycle with a throughput of hard drives per hour. Environmentally friendly solution; manual operation requires no electricity. DB-6000 destruction device allows choice of power sources: a manual handle or the added speed and efficiency of a cordless drill (drill not included). Compact, lightweight and mobile; the optional cart provides the convenience of combining the degausser and destruction device in one place while providing effortless mobility. Built to last; requires no preventative maintenance or expensive repairs.
23 Degausser testing
Evaluated Products List-Degausser: The EPL (Evaluated Products List) Degausser specifies the current models of commercial equipment that satisfy NSA/CSS requirements for erasure of magnetic storage devices retaining any level of classified or sensitive data. Listing on the EPL-Degausser does not constitute endorsement of the product by the USG or NSA/CSS; it only states that the evaluated degausser has met the applicable NSA/CSS performance requirements. Neither does the listing guarantee continued performance; customers should have their equipment re-tested periodically according to the manufacturer's recommendations.
ISFO Process Manual Rev , page: Degaussers should be tested periodically using the timetable established by DSS and NSA. The degausser must be tested within six months after the initial new purchase or immediately if purchased used. Even products on the EPL must be re-tested twice a year for the first two years, then once a year thereafter. If the results are marginal, the degausser must be re-tested within six months.
24 Field CheckR Key Features: Listed in the National Security Agency Evaluated Products List-Degausser. Instantly verifies the magnetic field of any degausser. Designed to allow user the ability to test more often than annually or biannually.
25 Commercial Degaussers
Not listed in the NSA EPL-Degausser. Magnetic field is not strong.
General rule: Gauss (Oersted) applied to media must be 2x Coercivity.
Advertised Gauss is measured at the core. Magnetic fields dissipate very rapidly from the magnetic core. Disks located in center of HDD and top of HDD are subjected to fields much weaker than the Coercivity of the media.
26 Storage Excess media storage is a security risk. Additional inventory of excess media requires additional administrative procedures, storage space and labor necessary to control. Without adequate storage or sanitization procedures, classified magnetic media is often stored in obscure locations (behind bookshelves, false bottoms in desk drawers), increasing the risks associated with storing classified information. Media with large storage capacity and small physical size can be easily removed by employees (e.g., LTO III 400 GB, SDLTII 300 GB, VXA 160 GB).
27 Overwrite Challenges
28 Destruction: Paper, Optical, Key Tape, HDD after Degaussing
National Security Agency (NSA) provides Media Destruction Guidance. The NSA has determined that High Security Disintegrators listed on the Evaluated Products List provide adequate security for the destruction of paper, optical media (CDs and DVDs), and punched tape as annotated on the EPL. For destroying paper only, a list of evaluated High Security Crosscut Paper Shredders is available. For sanitizing magnetic media, a list of evaluated degaussers is available.
NSA Guidance: it is highly recommended that the hard disk drive be physically damaged prior to release. (NSA/CSS 9-12 Storage Device Declassification Manual)
NSA Evaluated Products List- HDD Destruction Devices, post degaussing, pending publication.
Department of Navy Processing of Magnetic Hard Drive Storage Media for Disposal says all DoN-owned magnetic hard drive storage media will remain in DoN custody until degaussed, destroyed. Destruction can be as simple as bending the hard drive. (DON CIO Privacy Term August 5, 2010)
29 Destruction After Degaussing
Punched: least secure.
Folded: NSA preferred physical destruction method.
Shredded: time consuming, expensive, and equipment requires frequent repairs.
30 Destruction: Solid State Media NSA Guidance: Destruction to 2 mm particle size
31 SSMD-2mm
Key Features: Meets National Security Agency (NSA) and Department of Defense (DoD) specification for the destruction of solid state media and optical media to 2 mm. Unique dual stage disintegration process destroys solid state storage media (memory cards, memory boards, thumb drives, cell phones, tablets, solid state drives) and optical media (CDs, DVDs, Blu-Ray disks). Simple, automatic push button operation, designed for reliability, performance, and operator safety. Senses and automatically adjusts to clear and prevent jams. Parts are designed for reuse, and easily rotate for an additional use, resharpening or quick replacement. Compact and clean, ideal for any setting, including offices.
32 Data Security, Inc. Contact us: Q Street Lincoln NE datasecurityinc.com
No.: C-13 Page: 1 of 6 POLICY: It is the policy of the University of Alaska that all payment card transactions are to be executed in compliance with standards established by the Payment Card Industry Security
More informationEnterprise Information Security Procedures
GHL Network Services Ltd Enterprise Information Security Procedures Prepared By Nigel Gardner Date 16/11/09 1 Contents 1. Openwork s Information Security Policy...3 2. Enterprise Information Security Procedures...3
More informationWriting Assignment #2 due Today (5:00pm) - Post on your CSC101 webpage - Ask if you have questions! Lab #2 Today. Quiz #1 Tomorrow (Lectures 1-7)
Overview of Computer Science CSC 101 Summer 2011 Main Memory vs. Auxiliary Storage Lecture 7 July 14, 2011 Announcements Writing Assignment #2 due Today (5:00pm) - Post on your CSC101 webpage - Ask if
More informationDestroying Flash Memory-Based Storage Devices (draft v0.9)
Destroying Flash Memory-Based Storage Devices (draft v0.9) Dr. Steven Swanson Director, Non-volatile Systems Laboratory Department of Computer Science and Engineering University of California, San Diego
More informationSaint Louis University Merchant Card Processing Policy & Procedures
Saint Louis University Merchant Card Processing Policy & Procedures Overview: Policies and procedures for processing credit card transactions and properly storing credit card data physically and electronically.
More informationProtecting Backup Media with AES Encryption
Abstract: Although most businesses scrupulously protect the personal customer information that they collect and store onsite, companies often do not consider the security issues involved when sending backup
More informationTYPES OF POSSIBLE IDENTITY THEFT
Identity Theft What is Identity Theft? Identity theft occurs when someone uses your personal information such as your name, social security number, and or other identifying information without your permission
More informationManaging and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS
Managing and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS Blancco White Paper Published 14 February 2013 Introduction Advanced mobile devices like
More informationGuidance on Personal Data Erasure and Anonymisation 1
Guidance on Personal Data Erasure and Anonymisation Introduction Data users engaged in the collection, holding, processing or use of personal data must carefully consider how to erase such personal data
More informationUNCLASSIFIED. This page intentionally left blank. UNCLASSIFIED. Clearing And Declassifying Electronic Data Storage Devices (ITSG-06) ii July 2006
This page intentionally left blank. ii July 2006 Foreword The Clearing and Declassifying Electronic Data Storage Devices (ITSG-06) is an publication, issued under the authority of the Chief, Communications
More informationChapter 8. Secondary Storage. McGraw-Hill/Irwin. Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 8 Secondary Storage McGraw-Hill/Irwin Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Competencies (Page 1 of 2) Distinguish between primary and secondary storage Describe
More informationCalifornia State University, Sacramento INFORMATION SECURITY PROGRAM
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
More informationEASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES
EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES This document describes Eastern Oklahoma State College s policy and procedures for the proper
More informationDocument Management Plan Preparation Guidelines
Document Management Plan Preparation Guidelines TABLE OF CONTENTS 1. Purpose of Document 1 2. Definition of Document Management 1 3. Objectives of Document Management 1 4. Terms, Acronyms and Abbreviations
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationEnsuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services
Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and
More informationCOMMONWEALTH OF VIRGINIA
Effective Date: April 18, 2007 COMMONWEALTH OF VIRGINIA Information Technology Resource Management INFORMATION TECHNOLOGY DATA PROTECTION GUIDELINE Virginia Information Technologies Agency (VITA) Information
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationRoxio Secure Solutions for Law Firms
Roxio Secure Solutions for Law Firms Law firms can easily protect sensitive data stored on CD, DVD, Blu-ray Disc and USB flash media with Roxio Secure Solutions Introduction Law firms and their clients
More informationEmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions
EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions Security and Encryption Overview... 2 1. What is encryption?... 2 2. What is the AES encryption standard?... 2 3. What is key management?...
More informationHow To Destroy Data From A Hard Drive
Safe, Secure and Certified Data Destruction Solutions to meet your individual needs Whether you require data destruction supplementary or exclusively to our IT disposal solution, our fully security screened
More informationResponsibly Retiring IT Assets, Medical or Laboratory Equipment
Responsibly Retiring IT Assets, Medical or Laboratory Equipment Agenda Introductions David Zimet, President, Hesstech, LLC Industry Overview Key Issues When Retiring Electronic Equipment Data Security
More informationPOLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central.
POLICIES Campus Data Security Policy Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central Policy Statement Policy In the course of its operations, Minot State University
More informationhttp://www.guardianedge.com/
Full Disk Encryption & IT Asset Disposition: Protecting Data During the PC Disposal Process A GuardianEdge White Paper 4/7/2006 The information contained in this document represents the current view of
More informationBUSINESS POLICY. TO: All Members of the University Community 2012:12. CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05)
BUSINESS POLICY TO: All Members of the University Community 2012:12 DATE: April 2012 CREDIT CARD PROCESSING AND SECURITY POLICY (Supersedes Policy 2009:05) Contents Section 1 Policy Statement... 2 Section
More informationEnsuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services
Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Introduction Patient privacy has become a major topic of concern over the past several years. With the majority of
More informationSecure Data Destruction
Secure Data Destruction Secure Data Elimination (Degauss) Onsite Magnetic Degaussing service eliminates data from Tape and Magnetic Hard Disk media Portable machines allow for degaussing to be competed
More informationCredit Card Processing and Security Policy
Credit Card Processing and Security Policy Policy Number: Reserved for future use Responsible Official: Vice President of Administration and Finance Responsible Office: Student Account Services Effective
More informationPCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data
PCI Training for Retail Jamboree Staff Volunteers Securing Cardholder Data Securing Cardholder Data Introduction This PowerPoint presentation is designed to educate Retail Jamboree Staff volunteers on
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationComputer Storage. Computer Technology. (S1 Obj 2-3 and S3 Obj 1-1)
Computer Storage Computer Technology (S1 Obj 2-3 and S3 Obj 1-1) Storage The place in the computer where data is held while it is not needed for processing A storage device is device used to record (store)
More informationNetwork and Workstation Acceptable Use Policy
CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of
More informationCyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029
Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a
More informationSelf-Service SOX Auditing With S3 Control
Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with
More informationSolutions Brief. PC Encryption Regulatory Compliance. Meeting Statutes for Personal Information Privacy. Gerald Hopkins Cam Roberson
Solutions Brief PC Encryption Regulatory Compliance Meeting Statutes for Personal Information Privacy Gerald Hopkins Cam Roberson March, 2013 Personal Information at Risk Legislating the threat Since the
More informationBuilding an ITAD Program:
Building an ITAD Program: What Your Company Needs To Know By: Integrated Communications & Technologies Contents 3 4 6 7 8 9 Introduction Understanding The Concepts of IT Asset Disposition Evaluating by
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More information