Escolar Documentos
Profissional Documentos
Cultura Documentos
assets
Sims Metal Management Limited
ASX Code: SGM
NYSE Code: SMS
20/05/2010
Agenda
2
The Methods of Retrieving Data
3
Examples of Data Leakage
• In 2009 a Hard Disk from eBay yielded secrets of the Lockheed Martin’s
THAAD Missile Defence System (Star Wars)
– Names and phone numbers, templates for Lockheed, design documents, subcontractor
documents, security policies and blueprints of facilities, as well as a Lockheed Test
Launch Procedure PDF, employee personal info and social security numbers
• 2010: Warehouse in New Jersey - 4 photocopiers were randomly bought
$300 each
– New York Police Sex Crimes Division, papers still left on copier but lists of offenders and
victims were found on a hard drive
– New York Narcotics Division, list of targets for major drugs raid
– 95 pages of names, pay stubs and social security numbers
– 300 pages of individual health records
• 2010 study into 43 USB Sticks bought on eBay
– 2 (4%) were damaged and as a result, unreadable.
– 2 (4%) had been effectively cleaned and contained no recoverable data
– 20 (46% of the readable USB Storage devices) had been deleted or formatted, but still
contained recoverable data.
– 41 (95% of the readable USB Storage devices) contained data that could be easily
recovered,
• 8 (40%) contained sufficient information for the organisation that they had come
from to be identified.
• 14 (70%) contained sufficient information for individuals to be identified.
Methods of retrieving data
• Pros
– Data never leaves your location, so there is no risk of loss during transport to
a processing facility
– Data is destroyed by your own trusted staff
• Cons
– Destruction systems can be expensive and low volume processing will mean
a long return on investment
– If staff are not fully trained and focused on task, they may miss items
– Lack of space and/or resources to ensure segregation between data
destroyed and non-data destroyed units
– Data destruction can be a time consuming process
– Your company will still have to deal with a third party to ensure appropriate
treatment of “waste” data destroyed units
Pros and Cons of outsourced solutions
• Pros
– No capital investment required
– Experts at data destruction using best practices
• May even operate to better standard than client’s
– Third parties are able to handle multiple destruction methods and also advise on
the best methods for particular items
– There does not need to be any volume issues through a third party
– Waste disposal compliant with regulations
– If something goes wrong, you have a liable partner with appropriate insurance
• Cons
– Data may be transported from your location (however new on-site services
available or alternatively ensure your supplier has secure logistics)
– Data is handled/destroyed by non-employees
– May require minimum destruction quantities greater than your needs
– There are different types of contract available for electronic asset management,
you might get tied into a bad one, if inexperienced at asking right questions
– If hardware is not disposed of properly, you could be included in a environmental
liability case (check the credentials of the company involved)
Recognised methods for destroying data
• Advantages: • Disadvantages:
– Equipment can be reused – Report of destruction only (no
– Software asset register can be visual confirmation)
retrieved
– Service can be tailored to needs – Only suitable for certain devices
(control costs) – Relatively slow and labour
– Highly portable intensive
Data Destruction – Hardware based, Degaussers
• Advantages • Disadvantages
– Potentially suitable for any – No “visual” confirmation of
type of electronic equipment successful destruction
– A medium speed for – No ability to “report” on
processing success of destruction
– Highly portable – Operator dependant
– No reuse potential
– Component materials can
be recycled
Data Destruction – Physical destruction
• Advantages: • Disadvantages
– Fast processing – Not available for reuse
– New services are – Fixed facility operators will
transportable for “on-site” require secure transport
destruction
– Component materials can
be recycled
– Visual confirmation of
secure destruction
Understanding ICT Equipment
• Information
– Comprehensive company
information
• Data Risk (100Gb
upwards)
• Recommended Disposal
– Software (allows reuse)
– Physical Destruction
(perceived as more secure)
Printers, Scanners, Copiers, Faxes
• Data Risk
– Almost any company data is
conceivable
– 1Gb up to 100Gbs
• Recommended Disposal
– No current (ratified) method
of achieving software
deletion
– Physical Destruction
Communications devices
• Data Risk
– Not company data but do contain
network‐specific data such as static IP
addresses which expose networks to external
risk of infiltration
• Recommended Disposal
– Physical Destruction
Point of sale, retail debit/credit terminals
• Data Risk
– Some contain flash memory
• Information
– May contain personal
credit/debit information
• Recommended Disposal
– Physical Destruction
Specialist equipment
• What other information would you find useful to know about your
redundant electronic assets?
Sims Recycling Solutions
ICT Asset Management
Sims Metal Management Limited
ASX Code: SGM
NYSE Code: SMS
Canada EU
Illinois
1 Operation 12 Operations
2 Operations
Asia
Representative
offices
California
3 Operations
Singapore
1 Operation
Arizona
1 Operation
Australia
Nevada 4 Operations
1 Operation
South
Carolina
2 Operations
Florida South Africa India New Zealand
Tennessee 2 Operations 1 Operation 3 Operations 1 Operation
1 Operation
35 Operations Globally
38