The document discusses various methods for securely destroying data from retired electronic assets. It describes how data can still be retrieved from devices like hard drives even after being deleted unless properly destroyed. It then outlines different recognized methods for destroying data securely, including software-based wiping, hardware degaussing, and physical destruction. It discusses the advantages and disadvantages of each method and when they would be appropriately applied. It also provides an overview of Sims Recycling Solutions and why they are experts in electronic asset and data destruction management.
An Introduction to Asset Recovery
1. Securing the data on your retired electronic assets Information Governance, Risk and Compliance 20/05/2010
2. Agenda: What are the methods for retrieving data? What are the recognised methods for destroying data, and their advantages and disadvantages? Understanding ICT equipment, the potential data it holds and how best to destroy it. Methods of raising awareness of the need for a secure asset retirement program. Information about your data: understanding what has been destroyed. In summary: who are Sims Recycling Solutions, and why we are experts.
3. The Methods for Retrieving Data With gratitude to Pete Warren, Investigative Journalist (ICT Industry)
4. Examples of Data Leakage. In 2005: 100 hard disk drives bought on eBay for £5 each; 1 in 7 had valuable data on them, including Paul McCartney's financial records; pension plans, customer databases, financial information, payroll records, personnel details, login codes and admin passwords for one of Europe's largest financial services groups. August 2008: computer bought on eBay for £35 held personal data on a million customers from RBS, NatWest and American Express (accidentally sold by their data holding company). 2008 mobile phones case study, Glamorgan University: 161 phones were randomly bought on eBay; 82 still worked, and of those 7% were deemed to hold enough information to allow for stolen identity and 7% would have allowed corporate fraud to take place. Of the BlackBerrys bought, 27% carried company data and 16% carried personal data. One well-known senior Australian businessman's phone revealed details of an illicit affair.
5. Examples of Data Leakage. In 2009: a hard disk from eBay yielded secrets of Lockheed Martin's THAAD Missile Defence System (Star Wars): names and phone numbers, templates for Lockheed, design documents, subcontractor documents, security policies and blueprints of facilities, as well as a Lockheed Test Launch Procedure PDF, employee personal information and social security numbers. 2010, warehouse in New Jersey: 4 photocopiers were randomly bought at $300 each. New York Police Sex Crimes Division: papers still left on the copier, but lists of offenders and victims were found on the hard drive. New York Narcotics Division: list of targets for a major drugs raid. 95 pages of names, pay stubs and social security numbers. 300 pages of individual health records. 2010 study into 43 USB sticks bought on eBay: 2 (4%) were damaged and, as a result, unreadable; 2 (4%) had been effectively cleaned and contained no recoverable data; 20 (46% of the readable USB storage devices) had been deleted or formatted, but still contained recoverable data; 41 (95% of the readable USB storage devices) contained data that could be easily recovered; 8 (40%) contained sufficient information for the organisation that they had come from to be identified; 14 (70%) contained sufficient information for individuals to be identified.
6. Methods of retrieving data. Recovery of data from equipment is incredibly sophisticated. Recovery of data can be achieved from almost any device. HDD from Shuttle Columbia's black box: found in a dried-up lake bed alongside Shuttle debris 6 months after the catastrophe; within 2 days Kroll Ontrack Inc. had recovered 99% of the data.
7. Pros and Cons of in-house solutions. Pros: Data never leaves your location, so there is no risk of loss during transport to a processing facility. Data is destroyed by your own trusted staff. Cons: Destruction systems can be expensive, and low volume processing will mean a long return on investment. If staff are not fully trained and focused on the task, they may miss items. Lack of space and/or resources to ensure segregation between data destroyed and non-data destroyed units. Data destruction can be a time-consuming process. Your company will still have to deal with a third party to ensure appropriate treatment of waste data destroyed units.
8. Pros and Cons of outsourced solutions. Pros: No capital investment required. Experts at data destruction using best practices. May even operate to a better standard than clients. Third parties are able to handle multiple destruction methods and also advise on the best methods for particular items. There do not need to be any volume issues through a third party. Waste disposal compliant with regulations. If something goes wrong, you have a liable partner with appropriate insurance. Cons: Data may be transported off your location (however, new on-site services are available, or alternatively ensure your supplier has secure logistics). Data is handled/destroyed by non-employees. May require minimum destruction quantities greater than your needs. There are different types of contract available for electronic asset management; you might get tied into a bad one if inexperienced at asking the right questions. If hardware is not disposed of properly, you could be included in an environmental liability case (check the credentials of the company involved).
10. What knowledge exists on data destruction? What are the standards that exist within this area? What methods exist to achieve data destruction?
11. Data Destruction - terminology. Guidance on secure data destruction is detailed in HMG IA Standard No. 5, Secure Sanitisation of Protectively Marked or Sensitive Information, Issue 3.1, October 2009: sets standards for data erasure on magnetic, semiconductor and optical media through overwriting and degaussing. CESG (Communications Electronic Security Group): National Technical Authority for Information Assurance; concerned with data security through software deletion and degaussing. Hardware destruction to achieve secure data destruction, to Government Standards, requires granulation to less than 6mm. List X: capability to transport, store and manage protectively marked data.
Impact Level (IL) | IL Descriptor of Data | Secure Sanitisation Level (SSL) | High or low security
6 | Top Secret | SSL3 | High
5 | Secret | SSL3 | High
4 | Confidential | SSL2 | High
3 | Restricted | SSL2 | Low
2 | Protect | SSL1 | Low
1 | Protect | SSL1 | Low
12. Data Destruction: Software based. Examples of bespoke software certified by CESG: Blancco, DESlock, IBAS Expert Eraser, Kroll Ontrack, UltraErase. Capable of SSL1 to SSL3 depending on the software solution. Systems tested and ratified by QinetiQ. An appropriate system must use a trusted boot procedure to ensure malicious code cannot be executed. Appropriate systems must give you a detailed report on: the disk capacity to be overwritten; the number of user addressable areas that HAVE and HAVE NOT been overwritten; the number of bad or unusable sectors that CANNOT be overwritten. An overwriting sequence consists of overwriting with a binary number (octet), followed by its complement, followed by a random sequence.
13. Data Destruction: Software based. The overwriting sequence can be repeated up to seven times depending on security requirements (to ensure full overwriting). Advantages: Equipment can be reused. Software asset register can be retrieved. Service can be tailored to needs (control costs). Highly portable. Disadvantages: Report of destruction only (no visual confirmation). Only suitable for certain devices. Relatively slow and labour intensive. Diagram: Original Data; Data Wipe (1st pass); Data Wipe (2nd pass); subsequent passes.
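The overwrite sequence and report fields from slides 12 and 13, as an added sketch in Python that is not part of the original deck or of any CESG-certified product: it wipes a constructed image file (standing in for a drive) with an octet, its complement and random data, reads back the fixed passes, and returns the report. The 4096-byte block size, the 0x55 starting octet and all function names are assumptions.

```python
import os
import tempfile

BLOCK = 4096  # assumed block size; a real tool works on the device's sectors

def write_pass(fd, capacity, pattern):
    """One pass of a fixed octet, or random data when pattern is None.
    Returns the indexes of blocks that could not be written."""
    failed = []
    for off in range(0, capacity, BLOCK):
        n = min(BLOCK, capacity - off)
        data = os.urandom(n) if pattern is None else bytes([pattern]) * n
        try:
            os.pwrite(fd, data, off)
        except OSError:  # stands in for a bad or unusable sector
            failed.append(off // BLOCK)
    os.fsync(fd)  # flush this pass before the next one starts
    return failed

def verify_pass(fd, capacity, pattern):
    """Read back a fixed-octet pass; return blocks that do not hold it."""
    return [off // BLOCK for off in range(0, capacity, BLOCK)
            if os.pread(fd, BLOCK, off)
            != bytes([pattern]) * min(BLOCK, capacity - off)]

def sanitise(path, octet=0x55, rounds=1):
    """Octet, complement, random, repeated `rounds` times; returns the report."""
    failed = set()
    with open(path, "r+b", buffering=0) as dev:
        fd = dev.fileno()
        capacity = os.fstat(fd).st_size  # assumes a regular image file
        for _ in range(rounds):
            for pattern in (octet, octet ^ 0xFF, None):
                failed.update(write_pass(fd, capacity, pattern))
                if pattern is not None:  # random passes cannot be compared
                    failed.update(verify_pass(fd, capacity, pattern))
    total = -(-capacity // BLOCK)  # ceiling division
    return {"capacity_bytes": capacity, "blocks_total": total,
            "blocks_overwritten": total - len(failed),
            "blocks_not_overwritten": sorted(failed), "rounds": rounds}

def demo():
    """Wipe a constructed 10,000-byte image; report whether the marker survives."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"CONSTRUCTED-SECRET " * 500 + b"x" * 500)
    try:
        report = sanitise(f.name, rounds=2)
        with open(f.name, "rb") as g:
            return report, b"CONSTRUCTED-SECRET" in g.read()
    finally:
        os.unlink(f.name)
```

On a journaling or copy-on-write filesystem, or on flash storage with wear levelling, old copies can remain outside the blocks written here, which is why the report speaks only of user addressable areas.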
14. Data Destruction: Hardware based, Degaussers. Examples of degaussers approved by CESG: Verity (Verity Systems); Hard Disk Magnet Crusher (Future Technology Industry). Equipment that generates a magnetic field powerful enough to destroy magnetically stored information on hard drives or solid state memory devices. Coercivity is the power of the magnetic field required to reduce the material's magnetisation to zero; some equipment requires higher ratings than other equipment (measured in Oersteds, Oe). Standards: The CESG standard approves equipment for both the higher and lower levels of security. Degaussers must be tested and retested for effectiveness: initially; whenever required by CESG; regular user testing.
15. Data Destruction: Hardware based, Degaussers. Advantages: Potentially suitable for any type of electronic equipment. A medium speed for processing. Highly portable. Component materials can be recycled. Disadvantages: No visual confirmation of successful destruction. No ability to report on success of destruction. Operator dependent. No reuse potential.
16. Data Destruction: Physical destruction. Government Standards exist for: Central Destruction Facility: the Standard refers to an approved facility capable of certified destruction; approved organisations must all be certified to ISO9000 quality systems. Destruction equipment: the Standard refers to the equipment used for the certified destruction; the HMG IA standard generally refers to the use of a granulator to reduce equipment to flakes of less than 6mm in size. Other appropriate methods of destruction include: fire; abrasion; explosives/thermite!!! With the right systems in place, these systems are capable of safely destroying up to IL6. Often the granulated material is then sent to a recovery facility: mixed with other high grade material; processed into constituent materials via magnet systems, etc.
17. Data Destruction: Physical destruction. Advantages: Fast processing. New services are transportable for on-site destruction. Component materials can be recycled. Visual confirmation of secure destruction. Disadvantages: Not available for reuse. Fixed facility operators will require secure transport.
19. What equipment is at risk? Open discussion: what equipment is at risk, and what is the extent of that risk?
20. Desktops, laptops, servers. Information: Comprehensive company information. Data Risk: 100Gb upwards. Recommended Disposal: Software (allows reuse); Physical Destruction (perceived as more secure).
21. Printers, Scanners, Copiers, Faxes. Data Risk: many contain an internal hard drive (around 4Gb to 20Gb) or a digital flash card (1Gb); data is retained until overwritten. Information: Personnel records, passports, reports. Recommended Disposal: Software (allows reuse for high value equipment); Physical Destruction for desktop units (low value).
22. Data storage media. Data Risk: Almost any company data is conceivable; 1Gb up to 100Gbs. Recommended Disposal: No current (ratified) method of achieving software deletion; Physical Destruction.
23. Communications devices. Data Risk includes: 1Gb+ flash and hard drive memories. Information: Personal data, bank accounts etc.; contacts; emailed documents; satellite navigation data (addresses). These devices are only just getting data deletion options; ratified methods for software erasure are only now being developed (Blancco). Recommended Disposal: Hardware destruction.
24. Network equipment: Routers and Switches. Data Risk: Not company data, but they do contain network-specific data such as static IP addresses, which expose networks to external risk of infiltration. Recommended Disposal: Physical Destruction.
25. Point of sale, retail debit/credit terminals. Data Risk: Some contain flash memory. Information: May contain personal credit/debit information. Recommended Disposal: Physical Destruction.
26. Specialist equipment: Medical and military equipment, etc. Data Risk: Operation dependent. Recommended Disposal: Physical Destruction.
27. Methods of Raising Awareness How to kick start a secure asset recovery strategy
28. Methods of raising awareness: open discussion. Survey conducted at Information Security 2009: 37% of employees would give away company information in exchange for a bribe. Of that 37%, the percentage breakdown of the bribe was: 63%, £1 million; 10%, their mortgage paid off; 5%, a holiday; 5%, a new job; 4%, paying off credit card debt; 2%, a free slap-up meal!!! 68% of employees felt it would be easy to sneak data out of a company. In this culture, what are the possible ways to raise awareness of the issues of data security?
32. WebView - Client billing report: Asset Tag; Data Recovery Details; Unit re-use, recycle; Unique Blancco reference number.
33. WebView - Deleted software register report: Activity and Tracking ID; Unit type; Serial number of Unit; Operating System/License; Software product deleted.
34. Information about your assets and data What other information would you find useful to know about your redundant electronic assets?
36. Sims Recycling Solutions - Global. Turnover as part of Sims Metal Management - circa 5 bn. World's largest metals recycler (public company, ASX/NYSE). In 2009, Carbon Footprint was 319,256 Tonnes: less than 3% of the total carbon saved by our activities, over 13.6 Million Tonnes. The world's largest electronics recovery and recycling company: 38 facilities world-wide; over 400,000 tonnes of electronics recovered annually, the equivalent of over 25 Million Desktop Computers (excludes non-hazardous Large Domestic Appliances (Metal Management)); over 1.7m individual assets recovered for reuse annually; over 15m individual Integrated Circuits recovered. Innovest's Global 100 most sustainable companies 2010 (released at the Davos Summit 2010).
37. Standards and Licenses. Management Systems in use, certified at all but 1 EU site: ISO 9001:2000 - Quality standard; ISO 14001 - Environmental standard; OHSAS 18001 - H&S standard. Asset Recovery operations have or are working towards ISO 27001 - Security management standard. Permits for: all sites are registered to be Authorised Treatment Facilities for WEEE; Belgium, registered as Producer Compliance Scheme; Hazardous Waste Regulations (approved handling and storage); Electronic scrap and End of Life products; Waste Management and Waste Carrier licences; relevant technical competence qualifications (e.g. WAMITAB CoTC, UK). Approved: Microsoft Approved Refurbisher status (MAR). Data and Hardware destruction completed to: HMG IA Standard No. 5 - Secure Sanitisation of Protectively Marked or Sensitive Information, Issue 3.1, October 2009. Where necessary, granulation of hardware can be achieved to less than 6mm in line with Government Standards.
38. Global Operations. Sims Recycling Solutions: 38 Operations Globally. Australia, 4 Operations; EU, 14 Operations; California, 3 Operations; Asia, Representative offices; Tennessee, 1 Operation; Canada, 1 Operation; Illinois, 2 Operations; India, 3 Operations; Singapore, 1 Operation; Florida, 2 Operations; South Carolina, 2 Operations; Louisiana, 1 Operation; Nevada, 1 Operation; Arizona, 1 Operation; New Zealand, 1 Operation; South Africa, 1 Operation.
Editor's Notes
#2: Every year we throw away more data than has ever been housed in the world's libraries. On PCs, hard drives, photocopier hard drives, Personal Digital Assistants, smartphones, tape drives, USB sticks and CD-ROMs: the list is endless and the amount of data virtually limitless. Everything is thrown away, from company and state secrets and intensely personal information on our private lives and those of our families, to the health records and data of complete strangers.
#29: This report is a year out of date and was carried out at the height of the credit crunch, when loyalty may have been lower due to the working culture. However, it does highlight how little store employees may place on your data. One method to address this is to improve the control mechanisms in an organisation. Another is to highlight the risks involved and to educate people as to why information governance is important. Before we talk about a successful method we have used to highlight the issues surrounding end of life equipment, as a vehicle to improve understanding of data loss, we thought to ask: What are the advantages and disadvantages of improving control? What are the advantages and disadvantages of improving culture through education? What methods might exist for achieving that culture change?
#35: What information would you like to see available from electronic Asset Recovery reporting?
#38: ISO - International Standards Organisation; OHSAS - Occupational Health & Safety Advisory Services; WAMITAB - Waste Management Industry Training and Advisory Board; CoTC - Certificate of Technical Competence.