Net Zeros and Ones: How Data Erasure Promotes Sustainability, Privacy, and Security
- Length: 192 pages
- Edition: 1
- Language: English
- Publisher: Wiley
- Publication Date: 2022-12-28
- ISBN-10: 1119866162
- ISBN-13: 9781119866169
- Sales Rank: #585623 (See Top 100 Books)
Data Sanitization: A Complete Guide to Managing Data Erasure provides everything an organization needs to put in place a compliant program for data end-of-life, the ultimate protection for your data. There are many technical means for destroying data, some mechanical, some logical. This book will guide you in your decisions: Should you drill a hole through that hard drive? Send it to a shredder? Overwrite all of the partitions? Or simply destroy the encryption keys for an encrypted disk? Beyond the means of ensuring that data cannot be recovered from storage media-even by the most sophisticated forensics-there are the details of managing data and abiding by regulations that require data retention. With thousands of laptops, desktops, mobile devices, and network gear, how do you manage their ultimate fate while ensuring that no data can ever be recovered? The authors will take you through the history of data sanitization. Learn how to be future proof and withstand even quantum computing as a threat to your secret data as well as learn from mistakes and malpractices that others have been guilty of. Get to know the personalities in the Industry at the same time as you become an internal subject matter expert on data sanitization.
Cover Title Page Copyright Page About the Authors Contents at a Glance Contents Foreword Introduction Chapter 1 End of Life for Data 1.1 Growth of Data 1.2 Managing Data 1.2.1 Discovery 1.2.2 Classification 1.2.3 Risk 1.3 Data Loss 1.3.1 Accidental 1.3.2 Theft 1.3.3 Dumpster Diving 1.4 Encryption 1.5 Data Discovery 1.6 Regulations 1.7 Security 1.8 Legal Discovery 1.9 Data Sanitization 1.10 Ecological and Economic Considerations 1.10.1 Ecological 1.10.2 Economic 1.11 Summary: Proactive Risk Reduction and Reactive End of Life Chapter 2 Where Are We, and How Did We Get Here? 2.1 Digital Data Storage 2.2 Erasing Magnetic Media 2.3 History of Data Erasure 2.3.1 The Beginnings of Commercial Data Erasure 2.3.2 Darik’s Boot and Nuke (DBAN) 2.4 Summary Chapter 3 Data Sanitization Technology 3.1 Shredding 3.2 Degaussing 3.3 Overwriting 3.4 Crypto-Erase 3.5 Erasing Solid-State Drives 3.6 Bad Blocks 3.7 Data Forensics 3.8 Summary Chapter 4 Information Lifecycle Management 4.1 Information Lifecycle Management vs. Data Lifecycle Management 4.2 Information Lifecycle Management 4.2.1 Lifecycle Stages 4.3 Data Security Lifecycle 4.3.1 Stages for Data Security Lifecycle 4.4 Data Hygiene 4.5 Data Sanitization 4.5.1 Physical Destruction 4.5.2 Cryptographic Erasure 4.5.3 Data Erasure 4.6 Summary Chapter 5 Regulatory Requirements 5.1 Frameworks 5.1.1 NIST Cybersecurity Framework Applied to Data 5.2 Regulations 5.2.1 GDPR 5.2.2 HIPAA Security Rule Subpart C 5.2.3 PCI DSS V3.2 Payment Card Industry Requirements 5.2.4 Sarbanes–Oxley 5.2.5 Saudi Arabian Monetary Authority Payment Services Regulations 5.2.6 New York State Cybersecurity Requirements of Financial Services Companies 23 NYCRR 5.2.7 Philippines Data Privacy Act 5.2.8 Singapore Personal Data Protection Act 5.2.9 Gramm–Leach–Bliley Act 5.3 Standards 5.3.1 ISO 27000 and Family 5.3.2 NIST SP 800-88 5.4 Summary Chapter 6 New Standards 6.1 IEEE P2883 Draft Standard for Sanitizing Storage 6.1.1 Data Sanitization 6.1.2 Storage Sanitization 6.1.3 Media Sanitization 6.1.4 Clear 6.1.5 Purge 6.1.6 Destruct 6.2 Updated ISO/IEC CD 27040 Information Technology Security Techniques—Storage Security* 6.3 Summary Chapter 7 Asset Lifecycle Management 7.1 Data Sanitization Program 7.2 Laptops and Desktops 7.3 Servers and Network Gear 7.3.1 Edge Computing 7.4 Mobile Devices 7.4.1 Crypto-Erase 7.4.2 Mobile Phone Processing 7.4.3 Enterprise Data Erasure for Mobile Devices 7.5 Internet of Things: Unconventional Computing Devices 7.5.1 Printers and Scanners 7.5.2 Landline Phones 7.5.3 Industrial Control Systems 7.5.4 HVAC Controls 7.5.5 Medical Devices 7.6 Automobiles 7.6.1 Off-Lease Vehicles 7.6.2 Used Vehicle Market 7.6.3 Sanitization of Automobiles 7.7 Summary Chapter 8 Asset Disposition 8.1 Contracting and Managing Your ITAD 8.2 ITAD Operations 8.3 Sustainability and Green Tech 8.4 Contribution from R2 8.4.1 Tracking Throughput 8.4.2 Data Security 8.5 e-Stewards Standard for Responsible Recycling and Reuse of Electronic Equipment 8.6 i-SIGMA 8.7 FACTA 8.8 Summary Chapter 9 Stories from the Field 9.1 3stepIT 9.2 TES – IT Lifecycle Solutions 9.2.1 Scale of Operations 9.2.2 Compliance 9.2.3 Conclusion 9.3 Ingram Micro 9.4 Summary Chapter 10 Data Center Operations 10.1 Return Material Allowances 10.2 NAS 10.3 Logical Drives 10.4 Rack-Mounted Hard Drives 10.5 Summary Chapter 11 Sanitizing Files 11.1 Avoid Confusion with CDR 11.2 Erasing Files 11.3 When to Sanitize Files 11.4 Sanitizing Files 11.5 Summary Chapter 12 Cloud Data Sanitization 12.1 User Responsibility vs. Cloud Provider Responsibility 12.2 Attacks Against Cloud Data 12.3 Cloud Encryption 12.4 Data Sanitization for the Cloud 12.5 Summary Chapter 13 Data Sanitization and Information Lifecycle Management 13.1 The Data Sanitization Team 13.2 Identifying Data 13.3 Data Sanitization Policy 13.3.1 Deploy Technology 13.3.2 Working with DevOps 13.3.3 Working with Data Security 13.3.4 Working with the Legal Team 13.3.5 Changes 13.4 Summary Chapter 14 How Not to Destroy Data 14.1 Drilling 14.1.1 Nail Gun 14.1.2 Gun 14.2 Acids and Other Solvents 14.3 Heating 14.4 Incineration 14.5 Street Rollers 14.6 Ice Shaving Machines Chapter 15 The Future of Data Sanitization 15.1 Advances in Solid-State Drives 15.2 Shingled Magnetic Recording 15.3 Thermally Assisted Magnetic Recording, Also Known as Heat-Assisted Magnetic Recording 15.4 Microwave-Assisted Magnetic Recording 15.5 DNA Data Storage 15.6 Holographic Storage 15.7 Quantum Storage 15.8 NVDIMM 15.9 Summary Chapter 16 Conclusion Appendix: Enterprise Data Sanitization Policy Introduction Intended Audience Purpose of Policy General Data Hygiene and Data Retention Data Spillage Handling Files Classified as Confidential Data Migration End of Life for Classified Virtual Machines On Customer’s Demand Seven Steps to Creating a Data Sanitization Process Step 1: Prioritize and Scope Step 2: Orient Step 3: Create a Current Profile Step 4: Conduct a Risk Assessment Step 5: Create a Target Profile Step 6: Determine, Analyze, and Prioritize Gaps Step 7: Implement Action Plan Data Sanitization Defined Physical Destruction Degaussing Pros and Cons of Physical Destruction Cryptographic Erasure (Crypto-Erase) Pros and Cons of Cryptographic Erasure Data Erasure Pros and Cons of Data Erasure Equipment Details Asset Lifecycle Procedures Suggested Process, In Short Create Contract Language for Third Parties Data Erasure Procedures Responsibility Validation of Data Erasure Software and Equipment Personal Computers Servers and Server Storage Systems Photocopiers, Network Printers, and Fax Machines Mobile Phones, Smartphones, and Tablets Point-of-Sale Equipment Virtual Machines Removable Solid-State Memory Devices (USB Flash Drives, SD Cards) CDs, DVDs, and Optical Discs Backup Tape General Requirements for Full Implementation Procedure for Partners and Suppliers Audit Trail Requirement Policy Ownership Mandatory Revisions Roles and Responsibilities CEO Board of Directors Index EULA
Donate to keep this site alive
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.