Getting Rid of the Evidence: Information Disposal

Sun, Jun 15, 2008, by TechDoc

Security

We all have some personally identifiable information in our possession or care. Here is how to get rid of it forever, which means irrecoverably.

Overview

In the following pages, you will find:

  • Recent Events – First up I present a number of recent events involving breaches of security pertaining to personally identifiable information.
  • Concepts and Strategies – A discussion of the key concepts and factors pertinent to the irreversible destruction of information then follows. I then outline a number of simple step-by-step plans to implement these strategies for various media types.
  • Quick Reference Guide – Finally, you will find a quick reference guide listing the various types and formats of information storage that you may occasionally need to destroy.

Recent Events

Recent incidents of careless handling and management of personally identifiable information (PII) abound. For instance, in February 2008 a stack of boxes belonging to First Magnus Financial was found outside a University of Phoenix building in Fort Lauderdale, Florida, USA. The boxes contained files and paper records holding Social Security numbers, credit card information, names, addresses and other PII.

In Australia, another recent incident involved a movie hire chain that had disposed of reams of paper records via the public refuse disposal system. The records contained a great deal of PII belonging to customers, employees and job applicants. They ended up at a landfill, where persons unknown retrieved them; not long after, they found their way into the possession of identity fraud criminals. Police recovered the records while investigating a number of individuals suspected of identity fraud.

A 2008 report by the National Health Service (NHS) in the UK found that no fewer than nine NHS trusts had recently lost patient information because of insecure practices regarding laptop computers, external hard drives, USB drives and optical media.

It is all very worrying indeed. Here is what to do to prevent any PII in your custody from escaping into the wrong hands.

Information Disposal Concepts and Strategies

As always, start by breaking the general topic of disposing of information into a number of self-contained subcomponents: smaller, easy to manage categories whose members all share the same preferred method of destruction. This makes it easier for people to identify exactly what is required of them in any given situation.

Physical Classification

Try to group items based on physical attributes such as paper, hard drives, flash memory, USB devices, optical storage, peripheral device cache memory, magnetic tapes, computers, handhelds and communications devices such as cell phones and smart phones (iPhone, BlackBerry etc).

Information Disposal Policy

Develop and implement an information disposal policy detailing the procedures that all concerned must follow.

Clearly subdivide the various containers that hold any information that you do not want “leaked”. Define the scope that each component of your information disposal policy covers. For example, make headings such as “Paper Records Disposal Procedures” or “Computer Hardware Disposal Procedure” and “Mobile Devices Disposal Procedures”.

Define Responsibility

Responsibility for the security of personally identifiable information lies with the holder or keeper, if you will, of that information. This means everybody, including the cleaner. If the cleaner is not trusted with this information, then do not throw it in the bin where they must access it in the discharge of their normal duties, namely taking out the trash.

Information Destruction Documentation Procedures

For devices that have residual value as well as those that require permanent and irrecoverable destruction, develop a documentation-of-destruction procedure. Irrecoverable destruction of a device means more than irrecoverable destruction of the information it may have contained. It means that the device and all of its components will never function again, no matter how hard anyone tries.

For example, record the serial numbers of devices such as hard drives and USB flash drives; the details of the irreversible erasure procedures conducted, and by whom; the degaussing process; and the final physical destruction of the device, all with the appropriate dates and times. Then record the ultimate fate of the destroyed device or components. A record that is filled in at each step is also the only practical way to notice a step that was skipped.

Toxic Waste

You have now ensured that no data is recoverable from these devices but your responsibilities do not end here. Most components of information systems including the media that the information is stored on contain considerable quantities of toxic materials. This factor needs addressing appropriately, when the time comes for their final disposal.

Education

Develop as part of your information disposal policy appropriate fact finding, user education and information dispersal strategies and programs. You will need to push as well as to pull here. Pull to learn what they do or do not know. Push to make sure everyone is adequately informed and familiar with required policy.

The biggest job will be educating everyone that you have an information disposal policy that sets forth all of the dos and don’ts. Make sure that everybody understands that compliance with this policy is not voluntary; it is mandatory.

Legislative regulations exist that make it so. Your job is to ensure compliance from your own and everybody else’s behavioral practices in this regard. Technically, we call this Information Disposal Practices Dispersal (IDPD).

Repetition is a key component of all awareness-raising campaigns. The education of yourself and your users regarding appropriate information destruction and disposal techniques, practices and policy is no different. So develop a multi-phase plan that presents your message multiple times, in a number of different formats, cyclically over an extended time period, to ensure that it never becomes “stale”.

Communication

Communicate your information disposal policy and its contents clearly and repeatedly using a variety of different communications channels and media. Memos, notice boards and emails are handy here.

Printed materials such as summary check sheets highlighting the procedure for information destruction for each category are essential. Always include, at the top and bottom, contact details for whom to ask if there is any doubt.

Degaussing

Named after Carl Friedrich Gauss, an early researcher in the field of magnetism, degaussing is the process of decreasing or eliminating an unwanted magnetic field.

Because of a property called magnetic hysteresis it is generally not possible to reduce a magnetic field completely to zero. As a result degaussing typically induces a very small “known” field referred to as bias.

Data is stored in magnetic media, such as hard drives, floppy disks and magnetic tape, by making very small areas called magnetic domains change their magnetic alignment to be in the direction of an applied magnetic field.

The object of degaussing is to leave these domains in random patterns with no preferred orientation, thereby rendering previous data unrecoverable. Although some domains will remain nonrandomized after degaussing, they will be far too few to permit data reconstruction. The degausser generates the magnetic field that does this and may be AC powered, DC powered or a very strong permanent magnet. Whatever the type, it must be rated for the coercivity of the media you put through it: the high-coercivity platters in current hard drives need a correspondingly strong degausser, and a degausser that is too weak for the media leaves the data in place.

CRT monitors have a degaussing coil that fires automatically at startup, and many have a manual degauss button. Hold a floppy disk against the screen when the coil fires and you will find its data corrupted and difficult to recover. Treat that as a handy demonstration of the principle and nothing more: the field is weak and uncontrolled, LCD monitors have no such coil, and it must never be relied upon as a sanitization method.

Security-In-Depth

The following procedure is far more secure than simply using one technique by itself. This is a basic, fundamental concept of security called security-in-depth (defence in depth). It is applicable to all systems at all levels. An old saying expresses the philosophy best: “Don’t put all of your eggs in one basket.”

ALWAYS use multifactor processes or multi-process systems.

Magnetic Storage Media Information Destruction

The recommended practice for irrecoverable erasure of magnetic media is a multi-stage process: several overwrite cycles, then degaussing, then physical destruction. The order matters. Every overwrite pass must be finished and verified before the media goes anywhere near a degausser, because degaussing a modern hard drive also wipes the factory-written servo tracks, after which the drive can no longer be written to (or read) at all.

  1. In the first cycle, overwrite the entire media, every addressable sector and not merely the files or partitions, with a randomized pattern of ones and zeros three times.
  2. In the second cycle, overwrite the media three times with irrelevant but real data. This could be a set of MP3 or WAV files, followed by document files (PDF, Word documents, text files) and then a set of images or movies (JPEG, MPEG and the like). Some companies use uncompressed images of extreme resolution for this. The point is to vary the bit patterns laid down across the platter.
  3. In the final cycle, overwrite the media another three times with randomized data, then read the whole media back to verify that the last pass actually landed everywhere.
  4. Only now degauss, with a degausser rated for the coercivity of the media. If you have degaussers of different types (AC, DC or permanent magnet), run the media through more than one.
  5. The media is then ready for permanent physical destruction.

For reference, NIST Special Publication 800-88 regards a single verified overwrite of every sector as adequate for hard drives manufactured after 2001. The additional passes above cost only time; the verification read-back is the step you must not skip.

“Why go to such extremes?” you may ask. Well, the answer lies with the toxic composition of information technology systems and media.

Today you will find that there are regulatory requirements concerning the appropriate disposal and probable recycling of the materials used to make your storage media. Thus, you need to be very sure that there is no hope in hell that anything is recoverable from your waste after it leaves your control.

Remember that you are still responsible for the ultimate nondisclosure of all personally identifiable information, company secrets or your own secrets. If they get out, you will be wearing the consequences. By using the above procedure, you do not need to worry about the actions or irregular practices of others.

To illustrate further, I recently bought a dozen hard drives on eBay. In every case, their entire contents were readable. Being a little on the paranoid side, I always perform the secure irrecoverable information destruction procedure as outlined above. I do not want any of the previous owner’s malware coming my way.

The previous owners had merely deleted the files prior to selling them. When the operating system deletes a file it only marks the file’s directory entry and the blocks it occupied as available for new data. It does not overwrite or securely delete the old data, which stays on the platter until something else happens to be written there.

Electronically Stored Information Destruction

There are many ways in which to destroy electronically stored information. Not all are equal in effectiveness, completeness or reliability. Remember the toxicity issues. Here are some of your options:

Physical Destruction

Use the above magnetic media information destruction process and then physically destroy the device. Sledgehammers and blowtorches do a good job on hard drives once the device has been electrically and magnetically cleansed. For flash media the target is the memory chips themselves: a crushed USB stick whose chips are intact can still be read, so shred or disintegrate it to small particles.

Degaussing

Use degaussing as outlined above for devices and media slated for retirement. Do not count on reusing a hard drive afterwards: on any modern drive the degausser also erases the factory-written servo information, and the drive is dead. Degaussing is a reuse option only for media without embedded servo tracks, such as floppy disks and older tape formats (current cartridge formats such as LTO are likewise unusable after degaussing). Where it is applicable it is fast and produces negligible physical wear, unlike overwriting, which spins platters and winds tape. Degaussing does nothing whatsoever to flash memory (USB drives, memory cards, solid-state disks), which is not magnetic media; those must be overwritten or destroyed. Flash also has a limited number of write cycles, so you can only overwrite a USB flash drive so many times before it fails. This is also why it is a bad idea to be continually defragmenting USB flash drives.

Low-Level Formatting

Formatting once is not enough and should always be in combination with other techniques. A quick format only rewrites the filesystem structures; the old data blocks are untouched. A full format that writes zeros over the whole disk is in effect a single overwrite pass, which is better than a quick format but takes considerably longer. True low-level (servo) formatting is done at the factory and is not something a user can perform on a modern drive, whatever a tool claims. If you are going to reuse the media yourself, a three-pass full-disk overwrite with a formatting tool of reliably high quality is the option here.

Overwriting (also known as wiping)

Overwriting on its own is only as good as its execution, which is why it belongs in combination with other techniques such as degaussing. Done correctly, a complete and verified overwrite of every sector is a sound method; done casually, it is probably the least reliable of all of these methods, for two reasons.

The first is human. A thorough and methodical approach to a multi-pass overwrite cycle is essential. The Department of Defense (DoD) can ensure that through military discipline, a luxury we do not have in the civilian world. Repeating the procedure numerous times a day is not something anyone looks forward to, and human nature being what it is, shortcuts and slackness rapidly become the norm. It is also a lengthy process and hence not cheap. The countermeasures are procedural: write the steps down, require the verification read-back, and require the destruction record described earlier so that a skipped pass is visible.

The second is technical. Software overwriting can only reach the sectors the operating system can address. Sectors the drive has silently remapped as bad, and any host protected area (HPA) or device configuration overlay (DCO) region, are not touched. The ATA Secure Erase command, which asks the drive’s own firmware to erase everything including those areas, closes that gap and should be used wherever the drive supports it.
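The overwrite cycles described under “Magnetic Storage Media Information Destruction” and the execution and hidden-area problems raised in this section, as an added shell example that is not part of the original article. It overwrites every byte of a target with random data for a chosen number of passes, finishes with a zero pass, reads the whole target back to verify, and appends a destruction record of the kind described under “Information Destruction Documentation Procedures”. It assumes GNU coreutils; the log path, the function names and the sample content are this example’s own inventions, and the ata_secure_erase function assumes hdparm and root on a real drive (it is not run by the demonstration, which works on a constructed disk image file). Double-check the device node before pointing any of this at /dev/sdX.

```shell
#!/bin/sh
# Added example, not from the original article.
# Overwrite-and-verify for a hard drive or disk image, with a destruction
# record. Assumes GNU coreutils (dd, head, cmp, od, date, wc), util-linux
# blockdev for real block devices, and hdparm plus root for ata_secure_erase.
# DESTRUCTION_LOG is a made-up path used only by this example.
DESTRUCTION_LOG="${DESTRUCTION_LOG:-./destruction.log}"

# target_size PATH: size in bytes of a block device or an image file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# wipe_and_verify TARGET [RANDOM_PASSES]
# Overwrites every byte with random data RANDOM_PASSES times, then with
# zeros once, then reads the whole target back and checks it is all zeros.
# Returns 0 only if the read-back verification succeeds. Overwriting must
# come before degaussing: a degaussed hard drive can no longer be written.
wipe_and_verify() {
    target="$1"
    passes="${2:-1}"
    size=$(target_size "$target") || return 1
    [ "$size" -gt 0 ] || return 1
    i=0
    while [ "$i" -lt "$passes" ]; do
        head -c "$size" /dev/urandom | dd of="$target" bs=65536 conv=notrunc 2>/dev/null || return 1
        sync
        i=$((i + 1))
    done
    head -c "$size" /dev/zero | dd of="$target" bs=65536 conv=notrunc 2>/dev/null || return 1
    sync
    # Verification: compare the target, byte for byte, against a zero stream.
    head -c "$size" /dev/zero | cmp -s - "$target"
}

# record_destruction SERIAL METHOD OPERATOR RESULT
# Appends one tab-separated line: UTC timestamp, serial, method, operator, result.
record_destruction() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$3" "$4" >> "$DESTRUCTION_LOG"
}

# ata_secure_erase DEVICE
# Asks the drive firmware to run ATA SECURITY ERASE UNIT, which also covers
# reallocated sectors and HPA/DCO areas that dd cannot reach. Needs root and
# hdparm; the drive must not be "frozen" (power-cycle or suspend/resume it).
ata_secure_erase() {
    dev="$1"
    hdparm -I "$dev" | grep -q 'not.*frozen' || return 1
    hdparm --user-master u --security-set-pass NULL "$dev" || return 1
    hdparm --user-master u --security-erase NULL "$dev"
}

# demo: runs the procedure on a constructed image file, not a real drive.
demo() {
    img=$(mktemp) || return 1
    # Constructed sample content standing in for a drive full of records.
    { printf 'SSN=123-45-6789 name=Sample Person\n'; head -c 8192 /dev/urandom; } > "$img"
    if wipe_and_verify "$img" 3; then
        record_destruction "IMG-DEMO-0001" "overwrite 3x random + zero, verified" "${USER:-unknown}" "pass"
        rc=0
    else
        record_destruction "IMG-DEMO-0001" "overwrite 3x random + zero" "${USER:-unknown}" "FAIL"
        rc=1
    fi
    rm -f "$img"
    return $rc
}
```

Run `demo` to exercise it on a scratch image, then inspect the log line it appended. Against a real drive, run `wipe_and_verify /dev/sdX 3` as root (with the drive unmounted), follow it with `ata_secure_erase /dev/sdX` where the drive supports it, and only then send the drive for degaussing and destruction; the record function is called at each stage so the paper trail matches the physical one.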

Destruction of Paper Records

Cross shredding is the preferred method here. If cross shredders are not available throughout your organization then you can collect all paper materials including delivery and transport identifiers and packaging for centralized cross shredding.

This is infinitely cheaper than the consequences and bad publicity arising from breaches of personally identifiable information security. People are very sensitive about their own personal information and not very forgiving or sympathetic to those breaching their trust.

Communication Devices Information Destruction

Removing the battery will not destroy the data stored within. You must thoroughly remove data from all mobile communications devices such as cell phones, smart phones, PDA/phones etc. That means the handset’s own memory (a factory reset at minimum), plus the SIM card and any removable memory card, which must be taken out and dealt with separately. Develop procedures and policies for doing this. Instruct all concerned in these procedures.

Schedule periodic “refresher” courses and updates which stress the seriousness of breaches of personally identifiable information resultant from improper disposal of these devices.

Decommissioning and Retiring Assets

Assume that all such devices, including older computers, workstations, servers, laptops etc, contain personally identifiable information and act accordingly. Irreversibly remove all data from the asset about to be decommissioned. Develop appropriate policies and procedures along with suitable education programs.

Quick Reference Guide

It is a good idea to provide everyone with a quick reference guide. Not everybody remembers everything forever. Below is a sample quick reference list that you can use in any way you wish.

  • PC with hard drive – Erase irreversibly, degauss, physically destroy if appropriate
  • External hard drive – Erase irreversibly, degauss, physically destroy if appropriate
  • USB Drive – Erase irreversibly, physically destroy if appropriate
  • Thumb Drive – Erase irreversibly, physically destroy if appropriate
  • Memory Sticks – Erase irreversibly, physically destroy if appropriate
  • Fax Machine – Erase irreversibly, physically destroy if appropriate
  • Printer – Erase irreversibly, physically destroy if appropriate
  • Copier – Erase irreversibly, physically destroy if appropriate
  • Optical Discs – Physically destroy if appropriate
  • Floppy Disks – Erase irreversibly, degauss, physically destroy if appropriate
  • Tapes – Erase irreversibly, degauss, physically destroy if appropriate
  • Handhelds (PDAs etc) – Erase irreversibly, physically destroy if appropriate
  • Cell Phones – Erase irreversibly, physically destroy if appropriate
  • Smart Phones – Erase irreversibly, physically destroy if appropriate
  • Paper – Cross Shred

Attention: Documentary evidence of destruction is required. See information disposal policy for details.
