Scrub that Drive: Complying with the Data Security on State Computers Act - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

Scrub that Drive: Complying with the Data Security on State Computers Act

Description:

Scrub that Drive: Complying with the Data Security on State Computers Act ... Dell: ~$67 per year to keep defective drives covered by warranty ... – PowerPoint PPT presentation

Number of Views:19
Avg rating:3.0/5.0
Slides: 11
Provided by: mikec52
Category:

less

Transcript and Presenter's Notes

Title: Scrub that Drive: Complying with the Data Security on State Computers Act


1
Scrub that Drive Complying with the Data
Security on State Computers Act
  • Mike Corn, Director, Security Services and
    Information Privacy, CITES
  • Gordon Oyer, Director of University Property
    Accounting and Reporting, OBFS

CCSP Day Spring 2004
2
Data Security
  • Effective July 23, 2003, the Data Security on
    State Computers Act (Public Act 93-0306
    introduced new obligations for state agencies
    pertaining to the sale, donation, or transfer of
    computers with any sort of magnetic media.
    Specifically the act requires that any magnetic
    media must be overwritten ten (10) times before
    being re-distributed.

http//www.legis.state.il.us/legislation/publicact
s/fulltext.asp?name093-0306
3
Why is this my Problem?
  • Surplus lacks both the man power and expertise to
    accept responsibility for scrubbing magnetic
    media
  • They deserve our thanks for accepting the scrap
    disposal responsibility

4
What does this mean for me?
  • All drives sent to surplus must be scrubbed a
    full 10 times before surplus will accept the
    drive no exceptions!
  • Formatting doesnt count
  • Degaussing doesnt work

5
What do I do with Broken Drives?
  • Broken or obsolete drives represent a major
    security problem
  • Do not simply throw them away!
  • Surplus has agreed to handle the secure disposal
    of obsolete or broken drives

6
Guidelines I
  • All electronic media must be overwritten or
    degaussed ten times (or in some cases destroyed)
    before being disposed of.
  • Electronic media deemed unusable according to
    campus property policies and procedures and
    containing data that falls into the High Risk or
    Confidential categories should be physically
    destroyed or damaged in such a way as to make
    data recovery impossible.
  • Electronic media that will be redistributed
    through centralized surplus redistribution
    processes must be overwritten or degaussed ten
    times.
  • Degaussing is only an acceptable process for
    lightweight media, such as magnetic tape or
    floppy disks. Hard drives must be overwritten or
    destroyed.
  • All media sent to central surplus equipment
    redistribution facilities must have affixed to it
    a tag affixed to the left-hand side of the face
    of the processor or the top-side cover of a
    laptop that contains with the following
    information
  • Organizational unit
  • Serial
  • Media scrubbing application (or notation that
    memory devices were appropriately
    destroyed/damaged),
  • Name of person performing the data security
    process
  • Date performed
  • Initials of the person performing the data
    security process certifying that the process was
    completed.

7
Guidelines II
  • Electronic media that is to be directly
    reassigned to a different user (such as using
    older PCs for student employees) within the
    University (i.e., items transferred without being
    sent to a central equipment redistribution
    facility)
  • If the media contained data that falls into the
    High Risk or Confidential categories the media
    should be overwritten or scrubbed one time,
    unless the intended user requires and is
    authorized to access the pre-existing data.
  • If the media contained data that falls into the
    Public category then scrubbing software does not
    need to be used however units are strongly
    encouraged to reformat or scrub magnetic media so
    as to minimize the risk of accidental disclosure.
  • Each unit should maintain a simple log of each
    device scrubbed or destroyed/damaged for security
    reasons, noting the serial number (or equivalent)
    and the inventory number (if applicable) of the
    device, as well as the same information included
    on the tag. Log entries must be retained for a
    period of one year.
  • This log does not have to be a separate file but
    may be part of a departmental subsidiary
    inventory maintenance system

8
Other Recommendations
  • Dell 67 per year to keep defective drives
    covered by warranty
  • When returning drives to manufacturer, call and
    discuss disposal/handling of returned drive
  • Be aware of the nature / sensitivity of data on
    your computers

9
Software for Disk Scrubbing
  • Disk Sanitizer (courtesy of CITES Departmental
    Services) bootable Linux
  • Active Eraser (courtesy of ACCC/UIC) Windows
  • JIIVA Superscrubber (CITES Security) bootable Mac
    OS X

10
Resources
  • http//www.cites.uiuc.edu/security/diskscrub/index
    .html
  • Downloading the software (restricted to technical
    staff)
  • Open a web browser to http//opcenter.cites.uiuc.e
    du
  • Click login
  • Enter your NetID and password
  • Click Tools
  • Click on the Security subcategory
  • Click on Recommended Disk Scrubbers
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Scrub that Drive: Complying with the Data Security on State Computers Act" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!