SlideShare a Scribd company logo

Data Sanitization and Disposal: Best Practices

Avritek, profile picture
Avritek

The document outlines best practices for data sanitization and disposal, emphasizing compliance with laws like FACTA and various industry standards. It details techniques for data destruction such as shredding, degaussing, and wiping, along with myths and misconceptions regarding data sanitization. The document also highlights the importance of proper documentation and certification of destruction to prevent unauthorized data access.

Devices & Hardware
Related topics:
Information Security
1 of 11
Downloaded 29 times
1
2
3
4
5
6
7
8
Most read
9
10
Most read
11
Data Sanitization and Disposal: Best Practices Ed Pletner - CEO Christian Lardie - IT Project Coordinator
Laws, Regulations, & Liabilities ●FACTA: Fair and Accurate Credit Transactions Act ●“any person who maintains or otherwise possesses consumer information for a business purpose” must properly destroy discarded information. ●“must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. ●Civil Liability, Class Action, Federal Enforcement, State Enforcement ●Others: HIPAA, HITECH, PCI DSS, Sarbanes-Oxley, Graham-Leech-Bliley, etc.
Techniques for Data Destruction • Shredding: Industrial Hard Drive Shredding Machine (ex Ameri-shred) • Degaussing: Magnetic data on a tape or hard disk is neutralized or erased. Makes media unusable and damages the storage system
Techniques for Data Destruction • Wiping: Overwriting of data with 1s and 0s or non- sensitive data • Free Wiping Software: Ex. Dban, ActiveKillDisk • Advantage: Free and easy to use • Disadvantage: No validation of wipe • Paid Wiping Software: Ex. Tabernus, WipeDrive • Advantages: Error handling of failed drives, Reporting/Logging of successful data erasure • Disadvantage: Costs
Myths of Data Destruction • A simple re-format/delete is adequate • SSDs should be treated the same as Hard Drives • Hammer to hard drive
NIST Media Sanitization Guidelines • NIST (National Institute of Standards and Technology) • Updated from older 3-Pass (DOD 5220.22-M) • For ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack.
NIST Sanitization Methods ●Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device ●Ex. Software Wipe (1 or more Pass) ●Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques. ●Ex. ATA SecureErase; Cryptographic Erase, Degauss ●Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data ●Ex. Shred, Incinerate, Pulverize
Data Sanitization and Disposal: Best Practices
1. Manufacturer 2. Model 3. Serial Number 4. Media Type 5. Sanitization Description (Clear, Purge, Destroy) 6. Method Used (degauss, overwrite, block erase, crypto erase, shred) 7. Verification Method 8. Signed & Dated Documentation
CERTIFICATE OF DESTRUCTION THIS IS TO CERTIFY THAT ALL MATERIALS RECEIVED FROM THE BELOW LISTED CUSTOMER FOR DESTRUCTION WERE DESTROYED AND WILL BE RECYCLED IN ACCORDANCE WITH ALL APPLICABLE FEDERAL, STATE, AND LOCAL REGULATIONS. WE FURTHER WARRANT THAT REASONABLE PRECAUTIONS WERE TAKEN TO PREVENT ANY UNAUTHORIZED THIRD PARTY FROM GAINING ACCESS TO THE MATERIALS WHILE IN OUR POSSESSION TO FINAL DISPOSITION Customer Location: ABC Company 123 Street Dr. San Diego, CA 92111 650 Gateway Center Way, Suite I San Diego, CA 92102 858-715-0950 www.avritek.com ________________________ Destruction Certified By Date Generator Location: ABC Company 123 Street Dr. San Diego, CA 92111 Material Description(s): 100 Hard Drives Shredded/Wiped (see attached excel sheet for Serials). REFERENCE #: PT-1244
Mobile Device Security ●Factory Reset ●Blackberry: Security Wipe ●Android: Encrypt then factory reset ●Apple (iPad & iPhone): Enable Data Protection then “Erase All Content” ●Software Wipe via Tabernus or WipeDrive Mobile ●Reporting ●Utilizes the factory reset partition ●Shred

More Related Content

PDF
Database forensics
Denys A. Flores, PhD
 
PPTX
Digital forensic tools
Parsons Corporation
 
PDF
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Seccuris Inc.
 
PDF
Digital Forensics
Vikas Jain
 
PPT
Data recovery
bhaumik_c
 
PPTX
Computer forensic ppt
Priya Manik
 
PPT
Data loss prevention (dlp)
Hussein Al-Sanabani
 
PPTX
Incident response
Anshul Gupta
 
Database forensics
Denys A. Flores, PhD
 
Digital forensic tools
Parsons Corporation
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Seccuris Inc.
 
Digital Forensics
Vikas Jain
 
Data recovery
bhaumik_c
 
Computer forensic ppt
Priya Manik
 
Data loss prevention (dlp)
Hussein Al-Sanabani
 
Incident response
Anshul Gupta
 

What's hot (20)

PPTX
Introduction to filesystems and computer forensics
Mayank Chaudhari
 
PDF
Accessing Forensic Images
CTIN
 
PPTX
Digital forensics
vishnuv43
 
PPT
Introduction to computer forensic
Online
 
PPT
Computer +forensics
Rahul Baghla
 
PPTX
mobile forensic.pptx
Ambuj Kumar
 
PPTX
Data Acquisition
primeteacher32
 
PPTX
Computer forensics powerpoint presentation
Somya Johri
 
PDF
NTXISSACSC4 - Layered Security / Defense in Depth
North Texas Chapter of the ISSA
 
PPT
Data recovery
Mir Majid
 
PPT
Digital Forensics
Nicholas Davis
 
PDF
Memory Forensics
n|u - The Open Security Community
 
PPTX
Network forensic
Manjushree Mashal
 
PPTX
Security Awareness & Training
novemberchild
 
PDF
14 tips to increase cybersecurity awareness
Michel Bitter
 
PPTX
Data security
AbdulBasit938
 
PPTX
Information Security Awareness Training Open
Fred Beck MBA, CPA
 
PPTX
Mobile Forensics
abdullah roomi
 
PDF
Digital Forensic: Brief Intro & Research Challenge
Aung Thu Rha Hein
 
PPTX
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 
Introduction to filesystems and computer forensics
Mayank Chaudhari
 
Accessing Forensic Images
CTIN
 
Digital forensics
vishnuv43
 
Introduction to computer forensic
Online
 
Computer +forensics
Rahul Baghla
 
mobile forensic.pptx
Ambuj Kumar
 
Data Acquisition
primeteacher32
 
Computer forensics powerpoint presentation
Somya Johri
 
NTXISSACSC4 - Layered Security / Defense in Depth
North Texas Chapter of the ISSA
 
Data recovery
Mir Majid
 
Digital Forensics
Nicholas Davis
 
Memory Forensics
n|u - The Open Security Community
 
Network forensic
Manjushree Mashal
 
Security Awareness & Training
novemberchild
 
14 tips to increase cybersecurity awareness
Michel Bitter
 
Data security
AbdulBasit938
 
Information Security Awareness Training Open
Fred Beck MBA, CPA
 
Mobile Forensics
abdullah roomi
 
Digital Forensic: Brief Intro & Research Challenge
Aung Thu Rha Hein
 
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 
Ad

Similar to Data Sanitization and Disposal: Best Practices (20)

PPT
An Introduction to Asset Recovery
mylespilkington
 
PDF
Rothke effective data destruction practices
Ben Rothke
 
PDF
Ben Rothke - Effective Data Destruction Practices
Ben Rothke
 
PDF
Data Sanitization: What, Why, When and How?
Baltimax
 
PPTX
A guide to Sustainable Cyber Security
Ernest Staats
 
PPTX
Data security
Muhammad Yasir
 
PPTX
PACE-IT, Security+ 4.4: Controls to Ensure Data Security
Pace IT at Edmonds Community College
 
PPTX
Anti forensic
Milap Oza
 
PPT
computer forensics
Akhil Kumar
 
PDF
Ce hv6 module 55 preventing data loss
Vi Tính Hoàng Nam
 
PPTX
Data destruction policy
Abhay Kshirsagar, M.S., CISA
 
PDF
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Cillian Kieran
 
PPTX
DG_Architecture_Training.pptx
TranVu383073
 
PPTX
digitalforensicpptlatest28-230522192202-1d9b832e (1).pptx
MoshoodKareemOlawale
 
PPT
Spotlight on GFI EndPoint Security 2013
GFI Software
 
PPT
cyber forensics - TYPES OF CYBER FORENSICS.ppt
mcjaya2024
 
PDF
Effective Data Erasure and Anti Forensics Techniques
ijtsrd
 
PPTX
Data Security Management - Data Analytics
rashiesoft
 
PPTX
GDPR Part 2: Quest Relevance
Adrian Dumitrescu
 
PPTX
Sujit
Sujit George
 
An Introduction to Asset Recovery
mylespilkington
 
Rothke effective data destruction practices
Ben Rothke
 
Ben Rothke - Effective Data Destruction Practices
Ben Rothke
 
Data Sanitization: What, Why, When and How?
Baltimax
 
A guide to Sustainable Cyber Security
Ernest Staats
 
Data security
Muhammad Yasir
 
PACE-IT, Security+ 4.4: Controls to Ensure Data Security
Pace IT at Edmonds Community College
 
Anti forensic
Milap Oza
 
computer forensics
Akhil Kumar
 
Ce hv6 module 55 preventing data loss
Vi Tính Hoàng Nam
 
Data destruction policy
Abhay Kshirsagar, M.S., CISA
 
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Cillian Kieran
 
DG_Architecture_Training.pptx
TranVu383073
 
digitalforensicpptlatest28-230522192202-1d9b832e (1).pptx
MoshoodKareemOlawale
 
Spotlight on GFI EndPoint Security 2013
GFI Software
 
cyber forensics - TYPES OF CYBER FORENSICS.ppt
mcjaya2024
 
Effective Data Erasure and Anti Forensics Techniques
ijtsrd
 
Data Security Management - Data Analytics
rashiesoft
 
GDPR Part 2: Quest Relevance
Adrian Dumitrescu
 
Sujit
Sujit George
 
Ad

Recently uploaded (20)

PPTX
Wireless and Mobile Backhaul Market.pptx
ashishjadhav559203
 
PPTX
Embeded System for Artificial intelligence 2.pptx
ifnadeksisa
 
PPT
Lines and angles cbse class 9 math chemistry
cuteprincessmisty
 
PPTX
Operating System Processes_Scheduler OSS
UzumakiNamikaze
 
PPTX
Nanokeyer nano keyekr kano ketkker nano keyer
Oscar Tebar Serrano
 
DOCX
fsdffdghjjgfxfdghjvhjvgfdfcbchghgghgcbjghf
SoundaryaSonu9
 
PDF
Smarter Security: How Door Access Control Works with Alarms & CCTV
Ighty Support
 
PPTX
Presentation 1.pptxnshshdhhdhdhdhdhhdhdhdhd
ArpitMalhotra16
 
PPTX
Presentacion compuuuuuuuuuuuuuuuuuuuuuuu
EstefaniaVillegas11
 
PDF
PPT Determiners.pdf.......................
kanikadhiman1001
 
PPTX
Embedded for Artificial Intelligence 1.pptx
ifnadeksisa
 
PDF
Presented by ATHUL KRISHNA.S_20250813_191657_0000.pdf
athulkrishnas966
 
DOCX
Edukasi kultural untuk kita semua maka c
sukadimsumentai
 
PPTX
02fdgfhfhfhghghhhhhhhhhhhhhhhhhhhhh.pptx
eeshakhanzadi43
 
PDF
Dynamic Checkweighers and Automatic Weighing Machine Solutions
dadisick66688
 
PPTX
Entre CHtzyshshshshshshshzhhzzhhz 4MSt.pptx
Eyob262486
 
PPTX
material for studying about lift elevators escalation
maxgunner1212001
 
PPTX
Fundamentals of Computer.pptx Computer BSC
muhammadawais03085
 
PPTX
A Clear View_ Interpreting Scope Numbers and Features
Eurooptic Ltd
 
PDF
Dozuki_Solution-hardware minimalization.
kurtaku1
 
Wireless and Mobile Backhaul Market.pptx
ashishjadhav559203
 
Embeded System for Artificial intelligence 2.pptx
ifnadeksisa
 
Lines and angles cbse class 9 math chemistry
cuteprincessmisty
 
Operating System Processes_Scheduler OSS
UzumakiNamikaze
 
Nanokeyer nano keyekr kano ketkker nano keyer
Oscar Tebar Serrano
 
fsdffdghjjgfxfdghjvhjvgfdfcbchghgghgcbjghf
SoundaryaSonu9
 
Smarter Security: How Door Access Control Works with Alarms & CCTV
Ighty Support
 
Presentation 1.pptxnshshdhhdhdhdhdhhdhdhdhd
ArpitMalhotra16
 
Presentacion compuuuuuuuuuuuuuuuuuuuuuuu
EstefaniaVillegas11
 
PPT Determiners.pdf.......................
kanikadhiman1001
 
Embedded for Artificial Intelligence 1.pptx
ifnadeksisa
 
Presented by ATHUL KRISHNA.S_20250813_191657_0000.pdf
athulkrishnas966
 
Edukasi kultural untuk kita semua maka c
sukadimsumentai
 
02fdgfhfhfhghghhhhhhhhhhhhhhhhhhhhh.pptx
eeshakhanzadi43
 
Dynamic Checkweighers and Automatic Weighing Machine Solutions
dadisick66688
 
Entre CHtzyshshshshshshshzhhzzhhz 4MSt.pptx
Eyob262486
 
material for studying about lift elevators escalation
maxgunner1212001
 
Fundamentals of Computer.pptx Computer BSC
muhammadawais03085
 
A Clear View_ Interpreting Scope Numbers and Features
Eurooptic Ltd
 
Dozuki_Solution-hardware minimalization.
kurtaku1
 

Data Sanitization and Disposal: Best Practices

  • 1. Data Sanitization and Disposal: Best Practices Ed Pletner - CEO Christian Lardie - IT Project Coordinator
  • 2. Laws, Regulations, & Liabilities ●FACTA: Fair and Accurate Credit Transactions Act ●“any person who maintains or otherwise possesses consumer information for a business purpose” must properly destroy discarded information. ●“must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. ●Civil Liability, Class Action, Federal Enforcement, State Enforcement ●Others: HIPAA, HITECH, PCI DSS, Sarbanes-Oxley, Graham-Leech-Bliley, etc.
  • 3. Techniques for Data Destruction • Shredding: Industrial Hard Drive Shredding Machine (ex Ameri-shred) • Degaussing: Magnetic data on a tape or hard disk is neutralized or erased. Makes media unusable and damages the storage system
  • 4. Techniques for Data Destruction • Wiping: Overwriting of data with 1s and 0s or non- sensitive data • Free Wiping Software: Ex. Dban, ActiveKillDisk • Advantage: Free and easy to use • Disadvantage: No validation of wipe • Paid Wiping Software: Ex. Tabernus, WipeDrive • Advantages: Error handling of failed drives, Reporting/Logging of successful data erasure • Disadvantage: Costs
  • 5. Myths of Data Destruction • A simple re-format/delete is adequate • SSDs should be treated the same as Hard Drives • Hammer to hard drive
  • 6. NIST Media Sanitization Guidelines • NIST (National Institute of Standards and Technology) • Updated from older 3-Pass (DOD 5220.22-M) • For ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack.
  • 7. NIST Sanitization Methods ●Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device ●Ex. Software Wipe (1 or more Pass) ●Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques. ●Ex. ATA SecureErase; Cryptographic Erase, Degauss ●Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data ●Ex. Shred, Incinerate, Pulverize
  • 9. 1. Manufacturer 2. Model 3. Serial Number 4. Media Type 5. Sanitization Description (Clear, Purge, Destroy) 6. Method Used (degauss, overwrite, block erase, crypto erase, shred) 7. Verification Method 8. Signed & Dated Documentation
  • 10. CERTIFICATE OF DESTRUCTION THIS IS TO CERTIFY THAT ALL MATERIALS RECEIVED FROM THE BELOW LISTED CUSTOMER FOR DESTRUCTION WERE DESTROYED AND WILL BE RECYCLED IN ACCORDANCE WITH ALL APPLICABLE FEDERAL, STATE, AND LOCAL REGULATIONS. WE FURTHER WARRANT THAT REASONABLE PRECAUTIONS WERE TAKEN TO PREVENT ANY UNAUTHORIZED THIRD PARTY FROM GAINING ACCESS TO THE MATERIALS WHILE IN OUR POSSESSION TO FINAL DISPOSITION Customer Location: ABC Company 123 Street Dr. San Diego, CA 92111 650 Gateway Center Way, Suite I San Diego, CA 92102 858-715-0950 www.avritek.com ________________________ Destruction Certified By Date Generator Location: ABC Company 123 Street Dr. San Diego, CA 92111 Material Description(s): 100 Hard Drives Shredded/Wiped (see attached excel sheet for Serials). REFERENCE #: PT-1244
  • 11. Mobile Device Security ●Factory Reset ●Blackberry: Security Wipe ●Android: Encrypt then factory reset ●Apple (iPad & iPhone): Enable Data Protection then “Erase All Content” ●Software Wipe via Tabernus or WipeDrive Mobile ●Reporting ●Utilizes the factory reset partition ●Shred