Title :
Secure decommissioning of confidential electronically stored information (CESI): A framework for managing CESI in the disposal phase as needed
Author :
Fernando, Des ; Zavarsky, Pavol
Author_Institution :
Dept. of Inf. Syst. Security, Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
Abstract :
Retention and disposal of confidential information by an organization requires diligence. Unfortunately, the current disposal methods of Confidential Electronically Stored Information (CESI) have resulted in many security breaches and violations of existing regulations. As financial & litigation risk, loss of consumer confidence and detrimental business reputation are realities of security breaches, the objective of this research is to propose a framework for processing of CESI securely, during the disposal phase, utilizing the “sandbox” methodology to process and sanitize CESI. This is achieved by introducing categorization of information groups and using a classification scheme to depict the level of confidentiality quantified by a “value portfolio”. The thresholds in the value portfolio enables organizations to establish clear and practical security policies in processing and disposing of ESI during the Information Life Cycle (ILC).
Keywords :
organisational aspects; pattern classification; security of data; storage management; CESI; ILC; classification scheme; confidential electronically stored information; disposal phase; information groups categorization; information life cycle; organization; secure decommissioning; security breaches; security violations; value portfolio; Internet; Law; NIST; Portfolios; Security; CESI; categorization; classification; confidentiality; disposal phase; electronically stored information (ESI); information life cycle; sandbox; sanitize; security policies; value portfolio;
Conference_Titel :
Internet Security (WorldCIS), 2012 World Congress on
Conference_Location :
Guelph, ON
Print_ISBN :
978-1-4673-1108-3
