Presentation is loading. Please wait.

Presentation is loading. Please wait.

Environmental Symposium Data Security And Destruction Issues A.K.A. - Disk Sanitization Mike Caltabiano Environmental Protection Agency, Office of Environmental.

Published byMatthew Nelson Modified over 8 years ago

Similar presentations

Presentation on theme: "Environmental Symposium Data Security And Destruction Issues A.K.A. - Disk Sanitization Mike Caltabiano Environmental Protection Agency, Office of Environmental."— Presentation transcript:

1 Environmental Symposium Data Security And Destruction Issues A.K.A. - Disk Sanitization Mike Caltabiano Environmental Protection Agency, Office of Environmental Information, Office of Technology Operations and Planning, Desktop and Collaborations Solutions Branch

2 2 Sanitization of Computers A large volume of electronic information is stored on computer hard disk and electronic media throughout the Environmental Protection Agency (EPA). Much of this information is sensitive to disclosure due to its confidentiality. Most of the software at EPA is licensed under special agreements which prohibit the transfer of this software outside of the Agency. All information and licensed software must be properly removed when disposing of computer systems with a hard drive. This is also applicable to all other electronic storage media including, Personal Digital Assistance (PDAs), Blackberries, removable media such as CDs, DVDs, Universal Serial Bus (USB drives), Zip drive media, Jaz drives, backup disks, diskettes and tapes.

3 3 Purpose for Sanitization? Unauthorized disclosure of certain information may subject the Agency to legal liability, negative publicity, monetary penalties, and the possible loss of funding. This procedure is designed to ensure that IT resources do not contain information of a confidential nature before being transferred outside of any US Environmental Protection Agency facility or region, for surplus or destruction. IT resources and electronic storage media will be cleaned of all information.

4 4 Background for Sanitization. Studies of disk sanitization indicate that simply deleting files from the media or formatting a hard drive is not sufficient to completely erase data so that it cannot be recovered. When you delete files in Windows by moving them into the Recycle Bin all data remains on the hard disk. Read more about disk sanitization practices in an article written by Simson L. Garfinkel and Abhi Shelat from the Massachusetts Institute of Technology. http://www.hddrecovery.com.au/HDD_Press_2.htm

5 5 Procedures Overwriting hard drives and electronic storage media utilizing Department of Defense (DOD) accepted software. Overwriting of data means replacing previously stored data on a drive or disk with a predetermined pattern of meaningless information, effectively rendering the data unrecoverable. After overwriting, the hard drive is still physically functional and can accept formatting. There are several algorithms of overwriting: Single Pass – data area is overwritten once with “1” or “0”. DoD Method – the data area is overwritten with 0’s, then 1’s and then once with pseudo random data. NSA erasure algorithm – data is overwritten seven times with “0” pattern then with “1” and so on. It is the best method for quick and secure deletion. Guttman Method – the data area is overwritten 35 times. This method overwrites the drive taking into account the different encoding algorithms used by various hard drive manufacturers.

6 6 Procedures continued Physically destroying (See Definitions) the storage media, rendering it unusable. Hard drives should be destroyed when protection can’t be reliably ensured; the technology is old or can not be handled by the available tools. Physical destruction must be accomplished to an extent that precludes any possible further use of the hard drive or storage media. We recommend physical destruction be performed by a “Hard Drive Destruction Service”. Performed by a shredding service.

7 7 Procedures continued Degaussing (See Definitions) a hard drive or storage media to randomize the magnetic domains – most likely rendering the drive or media unusable in the process. If they are defective or cannot be economically repaired or sanitized for reuse by the available tools, then the media will be degaussed and discarded possibly thru EPA’s Recycling Electronics and Asset Disposition (READ) services. For destruction of a CD/DVD, the most economical form of destruction is a CD/DVD shredder. Zip drive media, flash/USB drives should be physically destroyed if these devices cannot be sanitized via the DOD accepted overwriting software. If necessary, destruction of electronic storage media can include CELL Phones, PDA’s and Blackberries. Depending of the level of information that was stored on the device. Note: Drives with Classified or higher security data should be destroyed.

8 8 Recycling Electronics and Asset Disposition Services What EPA is doing; Recycling Electronics and Asset Disposition (READ) servicesRecycling Electronics and Asset Disposition (READ) services, EPA has awarded seven Government Wide Acquisition Contracts (GWACs) to small businesses (three nationwide, three in the eastern U.S. and two in western U.S.). The contractors are Molam International, Marietta, Ga.; Supply Chain Services, Lombard, ILL.; Asset Recovery Corporation, St. Paul, Minn.; Hesstech LLC, Edison, N.J.; Liquidity Services Inc., Washington, D.C.; Global Investment Recovery, Tampa, Fla.; and Hobi International, Batavia, ILL.

9 9 Recycling Electronics and Asset Disposition Services Under the READ contracts, companies will evaluate each item and its components,and then, in decreasing preference: refurbish and resell them, using the proceeds to offset costs; donate them to charitable causes; recycle as much as possible; and properly dispose of the remainder Contractors must maintain an audit trail to the equipment's final destination to document reclamation and recycling efforts. The contracts will also maximize revenues from usable electronic equipment currently in storage through a share-in-savings (SiS) program. Under SiS, the contractor will attempt to identify opportunities to save costs associated with recycling efforts and share those savings with federal agencies to offset recycling costs. The government-wide recycling contract will help federal agencies meet requirements of Executive Order 13101, "Greening the Government through Waste Prevention, Recycling, and Acquisition."

10 10 Overwriting for Sanitization EPA recommends but does not endorse the following products: Wipe Tools: WipeDrive 3.0 www.whitecanyon.com –Windows Platform – DOD approved. Erases files, folders, cookies, or an entire drive. CyberScrub www.cyberscrub.com –Windows Platform – DOD approved. Erases files, folders, cookies, or an entire drive. Implements Gutmann patterns. DataScrubber www.scsitoolbox.com/products/DataScrubber.asp –Windows, Unix Platforms – DOD Approved. Handles SCSI remapping and swap area. Eraserwww.heidi.ie/eraser –Windows Platform – Freeware- erases entire drive Unknown if DOD approved. A more comprehensive list of sanitation tools is available at www.SDEAN12.org.

11 11 Sanitization Equipment EPA recommends but does not endorse the following products: Degaussing Tools: HD-1 All Media Degausser The HD-1 erases virtually all formats of tape, diskettes and hard-disks up to 160 GB. Please note; hard drives are not reusable once degaussed. Model 8000 Hard Drive/Media Degausser The Model 8000 Table Top unit is a low noise, compact unit with “industrial strength” flux fields and features a foot-control for hands-free operation. Tools used for CD/DVD shredding: PRIMERA Disc Shredder – DS360 Aleratec DVD/CD Shredder Plus XC Kobra 240 SS4 HSM Model 125.2 Shredder Intimus 502CD CD Shredder Olympia 1500 CD Shredder

12 12 Degauser for Sanitization

13 13 Degaussing A rented Degausser with hard drive

14 14 Definitions Sanitization, sanitized – is the end result after all data is obliterated. Including all associated file system structures, operating system formatting and information from fixed disk or electronic storage media. Physical destruction – destroying the item by physical force. For example, removing the hard drive from a computer and strike it with a large device to break it and the platters to small pieces. The best process is Disk Drive Shredding. Degaussing is a process whereby the magnetic media are erased, (i.e., returned to a zero state). Degaussing (demagnetizing) reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. Properly applied, degaussing renders any previously stored data on magnetic media unreadable by keyboard or laboratory attack. A degausser is an electro-magnetic device used for this purpose. Sensitive data – includes; Confidential Business Information (CBI), research information, procurement information, contract information, contract awards, incentive awards, personnel data, OIG related information, human resource information (SSN, etc), privacy act information and any other information that should not be released to the public.

15 15 Waivers for Sanitization Waivers will not be considered!

16 16 Sanitization of Computers and Electronic Storage Media Practices at EPA Sanitization Policy in development Recommend the DOD approved overwrite method for all non- classified PC hard drives OEI/Office of the CIO uses Wipe Drive prior to reuse of recycling the PC. NOTE: Anything categorized as National Security Information Systems is not covered by this procedure.

Download ppt "Environmental Symposium Data Security And Destruction Issues A.K.A. - Disk Sanitization Mike Caltabiano Environmental Protection Agency, Office of Environmental."

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
Understanding secure data erasure and end-of-lifecycle IT asset management.

Understanding secure data erasure and end-of-lifecycle IT asset management.
Business Introduction Table of Contents Introduction to Green Data, Inc.1 Green Data Services2 Scanning3 Archiving & Storage4 Shredding5 Consulting6.

Business Introduction Table of Contents Introduction to Green Data, Inc.1 Green Data Services2 Scanning3 Archiving & Storage4 Shredding5 Consulting6.
Aspects of Electronic Waste Disposal Lawrence P. Hayes P.E. E-Waste Experts, Inc.

Aspects of Electronic Waste Disposal Lawrence P. Hayes P.E. E-Waste Experts, Inc.
Disclaimer Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation.

Disclaimer Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation.
1 © Jetico, Inc. Oy Military-Standard Data Protection Software Customer Challenges with Classified Data Spills.

1 © Jetico, Inc. Oy Military-Standard Data Protection Software Customer Challenges with Classified Data Spills.
Sanitizing Data from Storage Devices with a Live CD Brian Compton College of Technology – University of Houston Sanitizing Data from Storage Devices with.

Sanitizing Data from Storage Devices with a Live CD Brian Compton College of Technology – University of Houston Sanitizing Data from Storage Devices with.
1 X-Ways Security: Permanent Erasure Supervised By: Dr. Lo’ai Tawalbeh Prepared By :Murad M. Ali.

1 X-Ways Security: Permanent Erasure Supervised By: Dr. Lo’ai Tawalbeh Prepared By :Murad M. Ali.
This presentation will take a look at to prevent your information from being discovered by and investigator.

This presentation will take a look at to prevent your information from being discovered by and investigator.
NOAA Computer/Hard Drive Sanitization Validation Form and PDA/Cell Phone Destruction Worksheet.

NOAA Computer/Hard Drive Sanitization Validation Form and PDA/Cell Phone Destruction Worksheet.
Media Sanitization  NIST 800-88 Guidance  Terms Defined  When is media under/not under your control?  Flowchart for decision making  Spreadsheet of.

Media Sanitization  NIST Guidance  Terms Defined  When is media under/not under your control?  Flowchart for decision making  Spreadsheet of.
Media Sanitization How to get rid of unwanted data so no one else can get it.

Media Sanitization How to get rid of unwanted data so no one else can get it.
Records Management Basics 1 Jasmine Sourignavong, Division of Records Management Tre Hargett, Secretary of State.

Records Management Basics 1 Jasmine Sourignavong, Division of Records Management Tre Hargett, Secretary of State.
Federal Acquisition Service U.S. General Services Administration January 2009 U.S. General Services Administration COMPUTERS AND ELECTRONICS DISPOSAL.

Federal Acquisition Service U.S. General Services Administration January 2009 U.S. General Services Administration COMPUTERS AND ELECTRONICS DISPOSAL.
Disk Clearing and Disk Sanitization

Disk Clearing and Disk Sanitization
EPA’S Work Related to Design, Procurement & Use, and End- of- life Management of Electronics GLRPPR Summer Conference August, 2005 Joe Bergstein USEPA.

EPA’S Work Related to Design, Procurement & Use, and End- of- life Management of Electronics GLRPPR Summer Conference August, 2005 Joe Bergstein USEPA.
Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology.

Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:

Similar presentations

Ads by Google