Using DBAN to securely overwrite data


Using DBAN to securely overwrite data, by Gianluca Sacco

Purpose
According to the Department of the Treasury, there are standards specifically in the Division of Purchase & Property. The government audited 58 random hard drives that were going to be either sold with other assets or stored. The audit showed not only that there were issues with how the hard drives were handled, but also that 46 of the 58 hard drives tested had sensitive data on them.

Policy
The policy states that assets over 3,500 shall be kept in storage and anything less than that number will be either disposed of or sold. Document number 01-03-DPP applies once an asset has become obsolete or has been replaced due to normal wear and tear. From that point on, the departments and agencies responsible for the asset(s) are instructed to consult this document to prevent stockpiling of said assets. This is to minimize expensive storage.

Guidelines
When selling an asset, the agency must reference section 52:27B-67 of the New Jersey Revised Statutes, under which the opinion of the director is what allows the asset to be considered surplus, obsolete or no longer suitable for use. This can even include donating materials rather than selling them.

Personal solution: overwriting data
In this case, you will use a program to overwrite all fragments of data. Because of the way data is deleted, deleting a file only removes the ‘shortcut’ to that file; the actual data still exists in fragments. Once the HDD needs room for more data, it will pick a fragment to overwrite. This means a picture may even have black spots because some of its data has been overwritten. This program is well suited to reselling HDDs at the government surplus level, and for a seller in the civilian community it is especially important when selling a laptop or computer, to ensure all PII is non-existent. DBAN will be used to achieve this.
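The difference between deleting and overwriting, as an added example that is not part of the original presentation and is not DBAN's code: a constructed toy disk in Python where an audit of the raw bytes is run after an ordinary delete, after partial reuse, and after a whole-device overwrite. The names `ToyDisk` and `audit`, the 512-byte block size, the single zero-fill pass and the sample record are all assumptions made for illustration.

```python
import re

BLOCK = 512                                        # toy block size (assumption)
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")     # SSN-shaped strings

class ToyDisk:
    """Constructed model of a drive: raw blocks plus a file table."""
    def __init__(self, n_blocks):
        self.raw = bytearray(n_blocks * BLOCK)
        self.table = {}                            # name -> block numbers
        self.free = list(range(n_blocks))

    def write_file(self, name, data):
        blocks = []
        for off in range(0, len(data), BLOCK):
            b = self.free.pop(0)
            chunk = data[off:off + BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
            blocks.append(b)
        self.table[name] = blocks

    def delete_file(self, name):
        # Ordinary delete: only the table entry goes; the bytes stay in place.
        self.free = self.table.pop(name) + self.free

    def overwrite_all(self):
        # Whole-device overwrite: every block is rewritten, used or not.
        self.raw[:] = bytes(len(self.raw))
        self.table.clear()
        self.free = list(range(len(self.raw) // BLOCK))

def audit(disk):
    """Pre-disposal check on the raw bytes, ignoring the file table."""
    dirty = sum(any(disk.raw[i:i + BLOCK]) for i in range(0, len(disk.raw), BLOCK))
    return {"files_listed": len(disk.table),
            "ssn_hits": len(SSN_RE.findall(bytes(disk.raw))),
            "dirty_blocks": dirty}

def demo():
    disk = ToyDisk(8)
    record = b"name=J. Doe ssn=000-12-3456 " * 30   # constructed sample, 2 blocks
    disk.write_file("tax_return.txt", record)
    disk.delete_file("tax_return.txt")
    after_delete = audit(disk)
    disk.write_file("new.txt", b"A" * BLOCK)        # reuses one freed block
    after_reuse = audit(disk)
    disk.overwrite_all()
    return after_delete, after_reuse, audit(disk)

if __name__ == "__main__":
    for label, result in zip(("deleted", "partly reused", "overwritten"), demo()):
        print(label, result)
```

After the delete the file table is empty but every record is still readable from the raw blocks; reuse of one block destroys only part of the old file, and only the full overwrite leaves nothing for the audit to find.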

Real life audits
In 2011, an audit was done to assess the adequacy of the State’s controls for redistributing excess computer equipment and disposing of said surplus equipment. This audit also covered the protection of all sensitive or confidential information on the equipment. The audit found that out of the 58 hard drives that were tested, 46 still had data on them. The data found on these hard drives included tax returns, social security numbers, phone numbers and passwords for the computers these hard drives were used in.

References
Boxer, Mathew. “DISPOSITION OF EXCESS AND SURPLUS COMPUTER EQUIPMENT.” Nj.gov, 9 Mar. 2011, www.nj.gov/comptroller/news/docs/report_surplus_audit_03_09_2011.pdf.
Karnas, Henry. “CIRCULAR STATE OF NEW JERSEY DEPARTMENT OF THE TREASURY.” Nj.gov, 15 Aug. 2007, www.nj.gov/military/vmh-policies/Business%20Office%2044-02-012A.pdf.