IT DRILLDOWN
SOA
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion
 CIO Consumer IT
 CIO Leader
 CIO Enterprise
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Portfolio Management Maturity Model at Chevron - Presentation & Discussion

November 13, 11:30 AM - 12:30 PM ET (GMT-4)

The fundamental goal of the model is to help IT become a business partner and earn a seat at the table. Core to the model is to establish a five year IT strategic road map that is owned by the business. Presenter Janinne Franke is manager of strategy, planning & optimization at Chevron's corporate department & services. She will share processes and lessons learned from developing and implementing the model.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
Feature
 

Understanding Data Destruction: What the CIO Needs to Know.

 

By Keith Hanks

May 18, 2007CIO — News of stolen laptops that contain highly sensitive information surrounds us. Consider, for a moment, your organization and the data that resides on its laptops. Is there customer information, intellectual property, financial plans or other sensitive data? If your organization had a missing laptop would it become a news headline?

A single data loss can be devastating to a company. This can damage the company's reputation, in addition to costing the company millions of dollars. Such a breach can result in compliance violations on the federal and state level. On the federal level there are several disclosure laws already in place:

  • HIPAA (Health Insurance Portability and Accountability Act)
  • GLBA (Gramm-Leach-Bliley Act)
  • FISMA (Federal Information Security Management Act)
  • FACTA (Fair and Accurate Credit Transactions Act)
  • OMB Memo (M06-16)

According to analyst firm IDC, as much as 60 percent of corporate data resides unprotected on desktop and laptop computers. With that concentration of data, the organization must take precautionary steps to protect this sensitive information. Several solutions are available to protect the organization.


Encryption
Full disk encryption can help meet compliance requirements, but does not necessarily eliminate risk. Full disk encryption is transparent to the user, but can fail due to human error. It stops short of being a comprehensive solution if an unauthorized user gains access to the authentication credentials; should the user's password be compromised the data can instantly be decrypted and vulnerable.

Consider the internal risks. If a user becomes unauthorized (contractor term expires, employee resigns, employee is terminated) but has possession of the computer, encryption will again provide no protection. For encryption to be effective the thief must not have the ability to input the correct password.


Data Destruction
Data destruction is an emerging solution for the CIO to consider. The concept of data destruction is data on the computer is more important than the hardware, and the organization must ensure the data is destroyed with certainty and verification. Once an organization has determined the computer is unable to be recovered physically, the company can ensure the data can not be accessed. By combining encryption with data destruction Beachhead Solutions' Lost Data Destruction (LDD) offers a final step.

LDD works through client/host communication. Should a computer go missing, the administrator marks the computer as unrecoverable. The next time the computer obtains a network connection and checks in the computer will be notified of the status change and will begin the self destruction sequence. This process is straightforward, but is dependent on the computer obtaining a network connection. There are additional triggers that can be put into place should the laptop not connect to the Internet. Such triggers are based on administrator-created preset rules including, number of unsuccessful login attempts and maximum time allowed between client/host communication events. The customizable rules allow for data destruction of a particular file, folder or the entire PC.

Loading...
 
 
CENTER OF EXCELLENCE
 
Security
» Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on the Symantec Data Loss Prevention solution to protect sensitive customer data.
» Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is, where it is going, and how to prevent it from leaving your organization.
» Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say on the risks associated with data security.
» 7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions as you establish your organization's requirements and safeguard confidential data.
» E-LOAN Maintains Reputation as a Privacy Leader with Symantec Data Loss Prevention Solutions
Learn how this proactive implementation of a DLP solution helps ensure E-LOAN's customer trust and loyalty.
Center sponsored by

 
 
ABCs
 

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Secure your virtual and physical environments with the same software.

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Information Security: Data Drains and How to Prevent Loss

Prudential Financial Protects its Brand with Symantec

Quest Authentication Services: Simplify Identity Management

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

Managing SSL Security in Multi-Server Environments

Gene Kim's Practical Steps to Mitigate Virtualization Security Risks

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Protecting Data in a Highly Networked World

How to Manage the Mobile Work Environment

Extending PCI Compliance to the Mobile Workforce

Building an Online Customer Experience Competency

Best Practices for Providing Secure and Cost-Effective Remote Access

Put Enterprise Communications on Autopilot

Portfolio Management for Effective IT Governance

Unify and Conquer: The Benefits of Unified Communications.

Data Center Asset Planning - Regaining Control of the Data Center

HP Webcast: Transforming the Data Center

Tripwire PCI DSS Solutions: Automated, Continuous Compliance

ITCi White Paper: Challenges and Opportunities of PCI

Destination: Intelligent Data Center Automation

Consolidation: Just the Starting Point for Virtualization

Security and Trust: The Backbone of Doing Business over the Internet

7 Requirements of Data Loss Prevention

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Integrating ActiveRoles With IBM Tivoli Identity Manager 5.0

Quest Authentication and IBM Tivoli Identity Management

Top 10 Ways to Protect Against Web Threats

The Case for Business Software Assurance ~ Securing Your Applications

Configuration Audit and Control for Virtualized Environments

Getting in Compliance with Government Data Regulations

Solving Online Credit Fraud Using Device Reputation

File Integrity Monitoring: Secure Your Virtual & Physical IT Environments

Maximizing Site Visitor Trust Using Extended Validation SSL

The Universal Wireless Client: Simplify mobility and reduce the cost of supporting mobile workers

Strategies for Asia-Pacific Expansion

They Can't Steal What You Don't Have: Smart Security Choices for Mobile Workers

Learn About the Features of the Google Universal Search Solution.

Mission Impossible: Building the Right Project Metrics

Project Portfolio Management - Boost the Value of IT

Telepresence - A Realistic Solution Connecting a Global Workforce

Turn Information into a Competitive Advantage

How End-User Monitoring Can Help You Improve Customer Satisfaction

The PCI Data Security Standard

Proving Control of the Infrastructure

The Benefits of Data Deduplication for Data Protection in the Enterprise

Reap the Benefits of Unified Communications