Net Zeros and Ones: How Data Erasure Promotes Sustainability, Privacy, and Security

by Fredrik Forslund, Richard Stiennon, Russ Ernst

Length: 192 pages
Edition: 1
Language: English
Publisher: Wiley
Publication Date: 2022-12-28
ISBN-10: 1119866162
ISBN-13: 9781119866169
Sales Rank: #585623 (See Top 100 Books)

Data Sanitization: A Complete Guide to Managing Data Erasure provides everything an organization needs to put in place a compliant program for data end-of-life, the ultimate protection for your data. There are many technical means for destroying data, some mechanical, some logical. This book will guide you in your decisions: Should you drill a hole through that hard drive? Send it to a shredder? Overwrite all of the partitions? Or simply destroy the encryption keys for an encrypted disk? Beyond the means of ensuring that data cannot be recovered from storage media-even by the most sophisticated forensics-there are the details of managing data and abiding by regulations that require data retention. With thousands of laptops, desktops, mobile devices, and network gear, how do you manage their ultimate fate while ensuring that no data can ever be recovered? The authors will take you through the history of data sanitization. Learn how to be future proof and withstand even quantum computing as a threat to your secret data as well as learn from mistakes and malpractices that others have been guilty of. Get to know the personalities in the Industry at the same time as you become an internal subject matter expert on data sanitization.

Cover
Title Page
Copyright Page
About the Authors
Contents at a Glance
Contents
Foreword
Introduction
Chapter 1 End of Life for Data
	1.1 Growth of Data
	1.2 Managing Data
		1.2.1 Discovery
		1.2.2 Classification
		1.2.3 Risk
	1.3 Data Loss
		1.3.1 Accidental
		1.3.2 Theft
		1.3.3 Dumpster Diving
	1.4 Encryption
	1.5 Data Discovery
	1.6 Regulations
	1.7 Security
	1.8 Legal Discovery
	1.9 Data Sanitization
	1.10 Ecological and Economic Considerations
		1.10.1 Ecological
		1.10.2 Economic
	1.11 Summary: Proactive Risk Reduction and Reactive End of Life
Chapter 2 Where Are We, and How Did We Get Here?
	2.1 Digital Data Storage
	2.2 Erasing Magnetic Media
	2.3 History of Data Erasure
		2.3.1 The Beginnings of Commercial Data Erasure
		2.3.2 Darik’s Boot and Nuke (DBAN)
	2.4 Summary
Chapter 3 Data Sanitization Technology
	3.1 Shredding
	3.2 Degaussing
	3.3 Overwriting
	3.4 Crypto-Erase
	3.5 Erasing Solid-State Drives
	3.6 Bad Blocks
	3.7 Data Forensics
	3.8 Summary
Chapter 4 Information Lifecycle Management
	4.1 Information Lifecycle Management vs. Data Lifecycle Management
	4.2 Information Lifecycle Management
		4.2.1 Lifecycle Stages
	4.3 Data Security Lifecycle
		4.3.1 Stages for Data Security Lifecycle
	4.4 Data Hygiene
	4.5 Data Sanitization
		4.5.1 Physical Destruction
		4.5.2 Cryptographic Erasure
		4.5.3 Data Erasure
	4.6 Summary
Chapter 5 Regulatory Requirements
	5.1 Frameworks
		5.1.1 NIST Cybersecurity Framework Applied to Data
	5.2 Regulations
		5.2.1 GDPR
		5.2.2 HIPAA Security Rule Subpart C
		5.2.3 PCI DSS V3.2 Payment Card Industry Requirements
		5.2.4 Sarbanes–Oxley
		5.2.5 Saudi Arabian Monetary Authority Payment Services Regulations
		5.2.6 New York State Cybersecurity Requirements of Financial Services Companies 23 NYCRR
		5.2.7 Philippines Data Privacy Act
		5.2.8 Singapore Personal Data Protection Act
		5.2.9 Gramm–Leach–Bliley Act
	5.3 Standards
		5.3.1 ISO 27000 and Family
		5.3.2 NIST SP 800-88
	5.4 Summary
Chapter 6 New Standards
	6.1 IEEE P2883 Draft Standard for Sanitizing Storage
		6.1.1 Data Sanitization
		6.1.2 Storage Sanitization
		6.1.3 Media Sanitization
		6.1.4 Clear
		6.1.5 Purge
		6.1.6 Destruct
	6.2 Updated ISO/IEC CD 27040 Information Technology Security Techniques—Storage Security*
	6.3 Summary
Chapter 7 Asset Lifecycle Management
	7.1 Data Sanitization Program
	7.2 Laptops and Desktops
	7.3 Servers and Network Gear
		7.3.1 Edge Computing
	7.4 Mobile Devices
		7.4.1 Crypto-Erase
		7.4.2 Mobile Phone Processing
		7.4.3 Enterprise Data Erasure for Mobile Devices
	7.5 Internet of Things: Unconventional Computing Devices
		7.5.1 Printers and Scanners
		7.5.2 Landline Phones
		7.5.3 Industrial Control Systems
		7.5.4 HVAC Controls
		7.5.5 Medical Devices
	7.6 Automobiles
		7.6.1 Off-Lease Vehicles
		7.6.2 Used Vehicle Market
		7.6.3 Sanitization of Automobiles
	7.7 Summary
Chapter 8 Asset Disposition
	8.1 Contracting and Managing Your ITAD
	8.2 ITAD Operations
	8.3 Sustainability and Green Tech
	8.4 Contribution from R2
		8.4.1 Tracking Throughput
		8.4.2 Data Security
	8.5 e-Stewards Standard for Responsible Recycling and Reuse of Electronic Equipment
	8.6 i-SIGMA
	8.7 FACTA
	8.8 Summary
Chapter 9 Stories from the Field
	9.1 3stepIT
	9.2 TES – IT Lifecycle Solutions
		9.2.1 Scale of Operations
		9.2.2 Compliance
		9.2.3 Conclusion
	9.3 Ingram Micro
	9.4 Summary
Chapter 10 Data Center Operations
	10.1 Return Material Allowances
	10.2 NAS
	10.3 Logical Drives
	10.4 Rack-Mounted Hard Drives
	10.5 Summary
Chapter 11 Sanitizing Files
	11.1 Avoid Confusion with CDR
	11.2 Erasing Files
	11.3 When to Sanitize Files
	11.4 Sanitizing Files
	11.5 Summary
Chapter 12 Cloud Data Sanitization
	12.1 User Responsibility vs. Cloud Provider Responsibility
	12.2 Attacks Against Cloud Data
	12.3 Cloud Encryption
	12.4 Data Sanitization for the Cloud
	12.5 Summary
Chapter 13 Data Sanitization and Information Lifecycle Management
	13.1 The Data Sanitization Team
	13.2 Identifying Data
	13.3 Data Sanitization Policy
		13.3.1 Deploy Technology
		13.3.2 Working with DevOps
		13.3.3 Working with Data Security
		13.3.4 Working with the Legal Team
		13.3.5 Changes
	13.4 Summary
Chapter 14 How Not to Destroy Data
	14.1 Drilling
		14.1.1 Nail Gun
		14.1.2 Gun
	14.2 Acids and Other Solvents
	14.3 Heating
	14.4 Incineration
	14.5 Street Rollers
	14.6 Ice Shaving Machines
Chapter 15 The Future of Data Sanitization
	15.1 Advances in Solid-State Drives
	15.2 Shingled Magnetic Recording
	15.3 Thermally Assisted Magnetic Recording, Also Known as Heat-Assisted Magnetic Recording
	15.4 Microwave-Assisted Magnetic Recording
	15.5 DNA Data Storage
	15.6 Holographic Storage
	15.7 Quantum Storage
	15.8 NVDIMM
	15.9 Summary
Chapter 16 Conclusion
Appendix: Enterprise Data Sanitization Policy
	Introduction
	Intended Audience
	Purpose of Policy
	General Data Hygiene and Data Retention
	Data Spillage
	Handling Files Classified as Confidential
	Data Migration
	End of Life for Classified Virtual Machines
	On Customer’s Demand
	Seven Steps to Creating a Data Sanitization Process
		Step 1: Prioritize and Scope
		Step 2: Orient
		Step 3: Create a Current Profile
		Step 4: Conduct a Risk Assessment
		Step 5: Create a Target Profile
		Step 6: Determine, Analyze, and Prioritize Gaps
		Step 7: Implement Action Plan
	Data Sanitization Defined
	Physical Destruction
	Degaussing
	Pros and Cons of Physical Destruction
	Cryptographic Erasure (Crypto-Erase)
	Pros and Cons of Cryptographic Erasure
	Data Erasure
	Pros and Cons of Data Erasure
	Equipment Details
	Asset Lifecycle Procedures
	Suggested Process, In Short
	Create Contract Language for Third Parties
	Data Erasure Procedures
		Responsibility
		Validation of Data Erasure Software and Equipment
		Personal Computers
		Servers and Server Storage Systems
		Photocopiers, Network Printers, and Fax Machines
		Mobile Phones, Smartphones, and Tablets
		Point-of-Sale Equipment
		Virtual Machines
		Removable Solid-State Memory Devices (USB Flash Drives, SD Cards)
		CDs, DVDs, and Optical Discs
		Backup Tape
	General Requirements for Full Implementation
	Procedure for Partners and Suppliers
	Audit Trail Requirement
	Policy Ownership
	Mandatory Revisions
	Roles and Responsibilities
		CEO
		Board of Directors
Index
EULA