Published by Marquise Maybury
Modified about 1 year ago
www.DataSecurityInc.com 1-800-225-7554 firstname.lastname@example.org
Overview

For more than 27 years Data Security Inc. has been manufacturing degaussers to support the Department of Defense (DoD) requirements for complete erasure of classified or sensitive magnetic storage devices. Data Security Inc.’s main focus is to develop and manufacture high performance degaussers and hard drive destruction devices that guarantee the complete erasure of data stored on existing and future magnetic data storage formats.

Because of Data Security’s continuing focus on meeting National Security Agency (NSA) standards, we have developed a close working relationship with them. This relationship gives us insight into current and future media formats, as well as the various requirements for sanitizing them.

Degaussers listed in the NSA Evaluated Products List-Degausser are ideal tools for organizations required to comply with DoD requirements, NISPOM, National Institute of Standards and Technology (NIST), Federal Information Security Management Act (FISMA) and privacy legislation, including the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).

© 2010 Data Security, Inc.
Data at Risk: Classified or Sensitive; DoD; Defense Contractors; Proprietary Information; Personal Identity Information; SSN; Banking; Health care information.

Media at Risk: Desktop Hard Drives; Laptop/Notebook Hard Drives; HDDs in storage array; Server Drive; External USB Drives; Firewire Drives; USB Devices; Magnetic Tapes; Flash Cards; CD & DVD.

Acquisition Methods: Dumpster Diving; Acquire improperly sanitized electronic media; Laboratory reconstruction; Hot Swapped Media; Media in Transport; Theft.

Developing countries do not have enough funding to catch up to developed countries, so they steal information and technology. – FBI

Identity theft costs $50 billion/year. – Federal Trade Commission
Data at Risk – In the News

Electronic Afterlife: What you don’t want to know about improper computer disposal, but should
Hundreds of thousands of tons of E-waste are shipped overseas to developing countries each year, even after promises that the waste will be safely and locally recycled. Many of the countries receiving our E-waste are listed by the U.S. Department of State as the top sources of cyber crime.
- Peter Klein, “Digital Dumping Ground” Documentary (2009)

PA: Health Insurer Loses Hard Drive Comprising 280,000 Medicaid Patients
Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan announced that a hard drive containing the personal health information has been misplaced. Yet to be recovered, the drive contains patient addresses, DOBs, health information, and both full and partial Social Security numbers.
- Jane M. Von Bergen, The Philadelphia Inquirer (October 2010) http://www.philly.com/inquirer/business/20101020_Health_insurers_say_data_on_280_000_Pennsylvania_clients_may_be_compromised.html

TX: Stolen Hard Drive Compromises 79,000 Airline Employees
American Airlines reported a hard drive stolen from headquarters. The drive contains sensitive files for current and former employees dating back to 1960, including Social Security numbers, health insurance, and bank accounts. Some employee files also contained information on beneficiaries and dependents.
- Angela Moscaritolo, SC Magazine (July 2010) http://www.scmagazineus.com/american-airlines-hard-drive-stolen/article/174254/

NJ: Data Breach Costs Credit Card Payment Company $130 Million
After agreeing to a $60 million settlement with Visa earlier in the year, Heartland Payment Systems has added another $41 million for MasterCard as the result of a 2008 data breach which resulted in thousands of fraudulent charges.
- (June 2010) http://destructdata.com/blog/
Regulatory Environment

The NIST “Guidelines for Media Sanitization” refer to the NSA for products to sanitize magnetic media.
Source: NIST Special Publication 800-88, pg 12-21

The HIPAA Security Rule (SR) requires the final disposition of information and/or the hardware or electronic media on which it is stored; HIPAA refers to NIST/NSA.
Source: Department of Health & Human Services, HIPAA § 164.310 Physical safeguards; Final Rule

Under the HITECH Act (“The Act”), business associates are now directly “on the compliance hook,” i.e., required to comply with the Security Rule (SR) or be fined for willful neglect ($250,000 per fine).
Source: HITECH Act Sec. 13401. Application of Security Provisions and Penalties to Business Associates of Covered Entities; Annual Guidance on Security Provisions

The Gramm-Leach-Bliley (GLB) Act requires financial institutions to ensure the security and confidentiality of personal information obtained from their customers by erasing, degaussing or destroying electronic media.
Source: GLB Act, 15 U.S.C. 6081 et seq., and the Federal Trade Commission’s Standards for Safeguarding Customer Information, 16 CFR Part 314 “Safeguards Rule”

The Payment Card Industry (PCI) Data Security Standard directs that media containing cardholder data be destroyed when it is no longer needed, as follows: Render cardholder data on electronic media unrecoverable so that cardholder data cannot be reconstructed (for example, degaussing).
Source: PCI DSS Requirements and Security Assessment Procedures, V1.2.1 pg 46
ISFO Process Manual Rev. 3 2011.1, page 152
ISFO Process Manual Rev. 3 2011.1, page 151

Note: The terms “Type I-III” are being replaced by the actual media coercivity rating.
Degausser Dictionary

de·gauss (dē-gous′) tr.v. de·gaussed, de·gauss·ing, de·gauss·es
1. To neutralize the magnetic field of (a ship, for example).
2. To erase information from (a magnetic disk or other storage device).

Gauss: the CGS unit of magnetic flux density or magnetic induction.

Oersted: the CGS unit of magnetic field strength. The magnetic field produced at the center of a solenoid or coil…magnetic field strength of one Oe is equivalent to magnetic flux density of one gauss.

Coercivity: the amount of applied magnetic field required to reduce magnetic induction to zero… Coercivity is usually measured in Oersted…
Previous NSA Test Procedure
Current NSA Test Procedure

Center for Magnetic Recording Research at the University of San Diego, California (CMRR)

Guarantee that no data can be recovered by any means, including laboratory attack.

Test degaussers: Strength; Uniformity; Potential Useful life; Stress Test (durability).

Test media: Coercivity of media; Guaranteed erasure; Uniformity of degausser field.
Current NSA Test Procedure
[Figure: HD-5T, 5000 Oersted disk, before and after]
DoD Data Recovery Methods

Disk

Spin-Stand Testers
Used for testing and experimenting with heads and disks.
Used mostly for R&D.
Tester writes specific data or servo pattern.
Very accurate for analyzing raw disks.
Reading a disk that has been written by a drive is more challenging.
Not cost-effective for routine data recovery.

Magnetic Force Microscopes (MFM)
Best tool for analyzing magnetic data on disks.
Provides extraordinary imagery of the topology disk properties.
Probe is placed on the disk surface.
Time consuming.
Excellent tool for reading overwritten data.
Overwritten tracks leave portions of previously written data due to head shift.
Physical movement of drive.
Age of disk drive.
Deteriorating lubricants.
Current technology used by the NSA.

Tape

Ferrofluidic Imaging
Liquid which becomes strongly polarized in the presence of a magnetic field.
Composed of nanoscale ferromagnetic particles suspended in a carrier fluid, usually an organic solvent or water.
Tape tracks are made visible by coating the tape with a ferrofluid that is magnetically developing.
Commercial Data Recovery Methods

Disk

Assess Disk Drive
Operational: Mirror data; Create raw image to new media.
Component Failure: Replace defective components; Mirror data; Create raw image to new media.
Logical/Software Failure: Examining raw image at the low-level data sectors; Apply fixes to file system structure; Access data; Restore data.

Tape

Assess Tape Media
Operational: Test accessibility with lab equipment.
Component Failure: Clean, splice and re-spool into new cartridge; Create raw image from readable portions; Examine low-level data sectors; Determine tape fixes to format structures; Access data; Restore data.
NSA/CSS Evaluated Products List-Degausser

Introduction

The EPL-Degausser (Evaluated Products List – Degausser) specifies the model identification of current equipment units that were evaluated against and found to satisfy the requirements for erasure of magnetic storage devices that retain sensitive or classified data. Degaussers listed in this document are rated by the coercivity of the magnetic storage devices they can securely erase (tape and disk storage devices). Tape storage devices are defined as any product that contains magnetic tape as the recording medium. Disk storage devices are defined as any product that contains a flexible or rigid disk as the recording medium.

Proper use of this equipment is necessary to prevent inadvertent disclosure of any level of classified or sensitive information. Any questions about equipment operations should be directed to the manufacturer.
Media Specifications
[Figure: Hard Drive Coercivity Chart]
Disk Recording

Longitudinal Recording
Each bit of information is represented by a collection of magnetized particles.
North and south poles oriented in one direction or the other parallel to the disk's surface in a ring around its center.

Perpendicular Recording
Poles are arranged perpendicular to the disk's surface.
More bits can be packed onto a disk.
NSA/CSS Evaluated Products List-Degausser

9. Standalone Degaussers: These are standalone electromagnetic degaussers that provide automatic one pass operation for disk and tape storage device erasure. On hard disk drives, all extraneous steel shielding materials (e.g., cabinets, casings, and mounting brackets), but not the hard disk assembly, must be removed before degaussing. The degaussers must be operated at their full magnetic field strength. The erasure of hard disk drives causes damage that prohibits their continued use.
HD-5T Degausser and DB-4000 Disk Drive Bender

DUO Key Features:
Listed on the National Security Agency (NSA) Evaluated Products List-Degausser (EPL-Degausser) NSA/CSS-EPL-9-12A.
Meets all NSA, DoD, state, federal, financial and health care regulations, mandates and security guidelines.
Simple, automatic operation; designed for reliability, performance, and operator safety.
Fast; a combined cycle time of 44-69 seconds per cycle with a throughput of 82-327 drives per hour.
Unique, internal Field CheckR provides magnetic field verification of the HD-5T degausser and satisfies requirements for degausser testing.
With the largest chamber in an automatic destruction device, the DB-4000 accommodates oversized media as well as multiple pieces per cycle.
Compact, lightweight and mobile; the optional cart provides the convenience of combining the degausser and destruction device in one place while providing effortless mobility.
Built to last; requires no preventative maintenance or expensive repairs.
HPM-2 Degausser and DB-6000 Disk Drive Bender

DUO Key Features:
Listed on the National Security Agency (NSA) Evaluated Products List-Degausser (EPL-Degausser) NSA/CSS-EPL-9-12A.
Meets all NSA, DoD, state, federal, financial and health care regulations, mandates and security guidelines.
Fast; a combined cycle time of 18-22 seconds per cycle with a throughput of 200-800 hard drives per hour.
Environmentally friendly solution; manual operation requires no electricity.
DB-6000 destruction device allows choice of power sources: a manual handle or the added speed and efficiency of a cordless drill (drill not included).
Compact, lightweight and mobile; the optional cart provides the convenience of combining the degausser and destruction device in one place while providing effortless mobility.
Built to last; requires no preventative maintenance or expensive repairs.
Degausser testing

ISFO Process Manual Rev. 3 2011.1, page 150-151
Degaussers should be tested periodically using the timetable established by DSS and NSA. The degausser must be tested within six months after the initial “new” purchase or immediately if purchased used. Even products on the EPL must be re-tested twice a year for the first two years, then once a year thereafter. If the results are marginal, the degausser must be re-tested within six months.

Evaluated Products List-Degausser
The EPL (Evaluated Products List) – Degausser specifies the current models of commercial equipment that satisfy NSA/CSS requirements for erasure of magnetic storage devices retaining any level of classified or sensitive data. Listing on the EPL-Degausser does not constitute endorsement of the product by the USG or NSA/CSS; it only states that the evaluated degausser has met the applicable NSA/CSS performance requirements. Neither does the listing guarantee continued performance; customers should have their equipment re-tested periodically according to the manufacturer’s recommendations.
Field CheckR

Key Features:
Listed in the National Security Agency Evaluated Products List-Degausser.
Instantly verifies the magnetic field of any degausser.
Designed to allow user the ability to test more often than annually or biannually.
Commercial Degaussers

Not listed in the NSA EPL-Degausser.
Magnetic field is not strong.
General rule – Gauss (Oersted) applied to media must be 2x Coercivity.
Advertised Gauss is measured at the core.
Magnetic fields dissipate very rapidly from the magnetic core.
Disks located in center of HDD and top of HDD are subjected to fields much weaker than the Coercivity of the media.
Storage

Excess media storage is a security risk.
Additional inventory of excess media requires additional administrative procedures, storage space and labor necessary to control.
Without adequate storage or sanitization procedures, classified magnetic media is often stored in obscure locations (behind bookshelves, false bottoms in desk drawers), increasing the risks associated with storing classified information.
Media with large storage capacity and small physical size can be easily removed by employees (e.g., LTO III 400 GB, SDLTII 300 GB, VXA 160 GB).
Overwrite Challenges
Destruction: Paper, Optical, Key Tape, HDD after Degaussing

National Security Agency (NSA) provides Media Destruction Guidance. http://www.nsa.gov/ia/guidance/media_destruction_guidance/index.shtml

The NSA has determined that High Security Disintegrators listed on the Evaluated Products List provide adequate security for the destruction of paper, optical media (CDs and DVDs), and punched tape as annotated on the EPL. For destroying paper only, a list of evaluated High Security Crosscut Paper Shredders is available. For sanitizing magnetic media, a list of evaluated degaussers is available.

NSA Guidance: “it is highly recommended that the hard disk drive be physically damaged prior to release.” (NSA/CSS 9-12 Storage Device Declassification Manual)

NSA Evaluated Products List-HDD Destruction Devices, post degaussing, pending publication.

Department of Navy Processing of Magnetic Hard Drive Storage Media for Disposal says all DoN-owned magnetic hard drive storage media will remain in DoN custody until degaussed, destroyed. Destruction can be as simple as bending the hard drive. (DON CIO Privacy Term August 5, 2010)
Destruction After Degaussing
[Figure: destruction methods Punched, Folded, Shredded. Slide annotations: “least secure”; “NSA preferred physical destruction method”; “time consuming, expensive, and equipment requires frequent repairs”.]
Destruction: Solid State Media

NSA Guidance: Destruction to 2 mm particle size
SSMD-2mm

Key Features:
Meets National Security Agency (NSA) and Department of Defense (DoD) specification for the destruction of solid state media and optical media to 2 mm.
Unique dual stage disintegration process destroys solid state storage media (memory cards, memory boards, thumb drives, cell phones, tablets, solid state drives) and optical media (CDs, DVDs, Blu-Ray disks).
Simple, automatic push button operation, designed for reliability, performance, and operator safety.
Senses and automatically adjusts to clear and prevent jams.
Parts are designed for reuse, and easily rotate for additional use, resharpening or quick replacement.
Compact and clean, ideal for any setting, including offices.
Data Security, Inc.
Contact us: 800-225-7554
729 Q Street, Lincoln NE 68508
datasecurityinc.com