Net Zeros and Ones: How Data Erasure Promotes Sustainability, Privacy, and Security

"In Net Zeros and Ones: How Data Erasure Promotes Sustainability, Privacy, and Security, a well-rounded team of accomplished industry veterans delivers a comprehensive guide to managing permanent and sustainable data erasure while complying with regulatory, legal, and industry requirements. In the book, you'll discover the why, how, and when of data sanitization, including why it is a crucial component in achieving circularity within IT operations. You will also learn about future-proofing yourself against security breaches and data leaks involving your most sensitive information--all while being served entertaining industry anecdotes and commentary from leading industry personalities" -- Amazon

Author(s): Richard Stiennon, Russ Ernst, Fredrik Forslund
Edition: 1
Publisher: Wiley
Year: 2022

Language: English
Pages: 191
City: Hoboken, New Jersey

Cover
Title Page
Copyright Page
About the Authors
Contents at a Glance
Contents
Foreword
Introduction
Chapter 1 End of Life for Data
1.1 Growth of Data
1.2 Managing Data
1.2.1 Discovery
1.2.2 Classification
1.2.3 Risk
1.3 Data Loss
1.3.1 Accidental
1.3.2 Theft
1.3.3 Dumpster Diving
1.4 Encryption
1.5 Data Discovery
1.6 Regulations
1.7 Security
1.8 Legal Discovery
1.9 Data Sanitization
1.10 Ecological and Economic Considerations
1.10.1 Ecological
1.10.2 Economic
1.11 Summary: Proactive Risk Reduction and Reactive End of Life
Chapter 2 Where Are We, and How Did We Get Here?
2.1 Digital Data Storage
2.2 Erasing Magnetic Media
2.3 History of Data Erasure
2.3.1 The Beginnings of Commercial Data Erasure
2.3.2 Darik’s Boot and Nuke (DBAN)
2.4 Summary
Chapter 3 Data Sanitization Technology
3.1 Shredding
3.2 Degaussing
3.3 Overwriting
3.4 Crypto-Erase
3.5 Erasing Solid-State Drives
3.6 Bad Blocks
3.7 Data Forensics
3.8 Summary
Chapter 4 Information Lifecycle Management
4.1 Information Lifecycle Management vs. Data Lifecycle Management
4.2 Information Lifecycle Management
4.2.1 Lifecycle Stages
4.3 Data Security Lifecycle
4.3.1 Stages for Data Security Lifecycle
4.4 Data Hygiene
4.5 Data Sanitization
4.5.1 Physical Destruction
4.5.2 Cryptographic Erasure
4.5.3 Data Erasure
4.6 Summary
Chapter 5 Regulatory Requirements
5.1 Frameworks
5.1.1 NIST Cybersecurity Framework Applied to Data
5.2 Regulations
5.2.1 GDPR
5.2.2 HIPAA Security Rule Subpart C
5.2.3 PCI DSS V3.2 Payment Card Industry Requirements
5.2.4 Sarbanes–Oxley
5.2.5 Saudi Arabian Monetary Authority Payment Services Regulations
5.2.6 New York State Cybersecurity Requirements of Financial Services Companies 23 NYCRR 500
5.2.7 Philippines Data Privacy Act 2012
5.2.8 Singapore Personal Data Protection Act 2012
5.2.9 Gramm–Leach–Bliley Act
5.3 Standards
5.3.1 ISO 27000 and Family
5.3.2 NIST SP 800-88
5.4 Summary
Chapter 6 New Standards
6.1 IEEE P2883 Draft Standard for Sanitizing Storage
6.1.1 Data Sanitization
6.1.2 Storage Sanitization
6.1.3 Media Sanitization
6.1.4 Clear
6.1.5 Purge
6.1.6 Destruct
6.2 Updated ISO/IEC CD 27040 Information Technology Security Techniques—Storage Security*
6.3 Summary
Chapter 7 Asset Lifecycle Management
7.1 Data Sanitization Program
7.2 Laptops and Desktops
7.3 Servers and Network Gear
7.3.1 Edge Computing
7.4 Mobile Devices
7.4.1 Crypto-Erase
7.4.2 Mobile Phone Processing
7.4.3 Enterprise Data Erasure for Mobile Devices
7.5 Internet of Things: Unconventional Computing Devices
7.5.1 Printers and Scanners
7.5.2 Landline Phones
7.5.3 Industrial Control Systems
7.5.4 HVAC Controls
7.5.5 Medical Devices
7.6 Automobiles
7.6.1 Off-Lease Vehicles
7.6.2 Used Vehicle Market
7.6.3 Sanitization of Automobiles
7.7 Summary
Chapter 8 Asset Disposition
8.1 Contracting and Managing Your ITAD
8.2 ITAD Operations
8.3 Sustainability and Green Tech
8.4 Contribution from R2
8.4.1 Tracking Throughput
8.4.2 Data Security
8.5 e-Stewards Standard for Responsible Recycling and Reuse of Electronic Equipment
8.6 i-SIGMA
8.7 FACTA
8.8 Summary
Chapter 9 Stories from the Field
9.1 3stepIT
9.2 TES – IT Lifecycle Solutions
9.2.1 Scale of Operations
9.2.2 Compliance
9.2.3 Conclusion
9.3 Ingram Micro
9.4 Summary
Chapter 10 Data Center Operations
10.1 Return Material Allowances
10.2 NAS
10.3 Logical Drives
10.4 Rack-Mounted Hard Drives
10.5 Summary
Chapter 11 Sanitizing Files
11.1 Avoid Confusion with CDR
11.2 Erasing Files
11.3 When to Sanitize Files
11.4 Sanitizing Files
11.5 Summary
Chapter 12 Cloud Data Sanitization
12.1 User Responsibility vs. Cloud Provider Responsibility
12.2 Attacks Against Cloud Data
12.3 Cloud Encryption
12.4 Data Sanitization for the Cloud
12.5 Summary
Chapter 13 Data Sanitization and Information Lifecycle Management
13.1 The Data Sanitization Team
13.2 Identifying Data
13.3 Data Sanitization Policy
13.3.1 Deploy Technology
13.3.2 Working with DevOps
13.3.3 Working with Data Security
13.3.4 Working with the Legal Team
13.3.5 Changes
13.4 Summary
Chapter 14 How Not to Destroy Data
14.1 Drilling
14.1.1 Nail Gun
14.1.2 Gun
14.2 Acids and Other Solvents
14.3 Heating
14.4 Incineration
14.5 Street Rollers
14.6 Ice Shaving Machines
Chapter 15 The Future of Data Sanitization
15.1 Advances in Solid-State Drives
15.2 Shingled Magnetic Recording
15.3 Thermally Assisted Magnetic Recording, Also Known as Heat-Assisted Magnetic Recording
15.4 Microwave-Assisted Magnetic Recording
15.5 DNA Data Storage
15.6 Holographic Storage
15.7 Quantum Storage
15.8 NVDIMM
15.9 Summary
Chapter 16 Conclusion
Appendix: Enterprise Data Sanitization Policy
Introduction
Intended Audience
Purpose of Policy
General Data Hygiene and Data Retention
Data Spillage
Handling Files Classified as Confidential
Data Migration
End of Life for Classified Virtual Machines
On Customer’s Demand
Seven Steps to Creating a Data Sanitization Process
Step 1: Prioritize and Scope
Step 2: Orient
Step 3: Create a Current Profile
Step 4: Conduct a Risk Assessment
Step 5: Create a Target Profile
Step 6: Determine, Analyze, and Prioritize Gaps
Step 7: Implement Action Plan
Data Sanitization Defined
Physical Destruction
Degaussing
Pros and Cons of Physical Destruction
Cryptographic Erasure (Crypto-Erase)
Pros and Cons of Cryptographic Erasure
Data Erasure
Pros and Cons of Data Erasure
Equipment Details
Asset Lifecycle Procedures
Suggested Process, In Short
Create Contract Language for Third Parties
Data Erasure Procedures
Responsibility
Validation of Data Erasure Software and Equipment
Personal Computers
Servers and Server Storage Systems
Photocopiers, Network Printers, and Fax Machines
Mobile Phones, Smartphones, and Tablets
Point-of-Sale Equipment
Virtual Machines
Removable Solid-State Memory Devices (USB Flash Drives, SD Cards)
CDs, DVDs, and Optical Discs
Backup Tape
General Requirements for Full Implementation
Procedure for Partners and Suppliers
Audit Trail Requirement
Policy Ownership
Mandatory Revisions
Roles and Responsibilities
CEO
Board of Directors
Index
EULA