
I am a small business owner. A major new client told me that they met with their internal Info Sys security team looking for me to provide them feedback on 1) how their data is handled once received, how data is stored, and how data is purged.

The client will be sending me either email spreadsheets or data on CDs, not sure yet. What can I report to them so I will look knowledgeable on the questions they want to know? It is just me in the company, so I will keep the data on my hard drive, review it and when done with it purge it - is there some document I can send them that tells them this, in a more professional way? Or, is there something else I should be telling them?

2007-03-25 09:00:20 · 2 answers · asked by Steve F 1 in Computers & Internet Security

2 answers

I don't know about Evidence Eliminator; I use either Eraser or Window Washer to clean my hard disk. Reformatting works well also.

It doesn't sound like they are concerned about hackers. Though they could be. The easy solution to that attack is to disconnect while working on their data.

What I would suggest is:
1) You buy a USB hard disk, and state that all the data and any analysis derived from the data will only be on the USB hard disk. You won't be connected to the internet when the USB disk is connected to the system.
2) They should give you the data on a CD. Email isn't as secure, and then it is in your ISP's email logs.
3) When you get done, you will burn a CD, and give them the analysis.
4) Once done, you will clean the USB disk with one of the earlier mentioned products or re-format it.

All the tracks that Microsoft maintains will point to the USB disk, and the data won't be there.

That said, the above procedure is probably overkill. However, if they are giving you data with social security numbers on it, they might be worried about the possibility of lawsuits if you don't handle it appropriately.

2007-03-26 08:13:52 · answer #1 · answered by giraffe 5 · 0 0

I'm sure their biggest concern is hackers and how you will purge their data once it's no longer needed.

Maybe you can describe to them exactly what you are using for protection from hackers.

i.e. what software you are using for protection and exactly what your ISP's modem offers for protection; if you are using a router (such as a Linksys), what you have done regarding password protection etc. to preclude hackers from getting through to your PC at all. That is all critical to a customer.

As far as purging is concerned, I have a program called Evidence Eliminator that I run periodically or after I have done "deletions" that I don't want to have remain on my hard drive.

Go to http://www.download.com and do a search on Evidence Eliminator. It will bring up several programs that overwrite sensitive data on your hard drive that you have "deleted".

Personally, I think it's a good practice to do this periodically even on your home PC just to avoid all kinds of unwanted data from being stored there. What I do is simply launch the program and let the PC run overnight. This way all the data and open spaces on the hard drive are rewritten with 1's and 0's so no unwanted data remains. Doing it this way, your PC isn't tied up during the work day while the program runs.

Hope this helps.

2007-03-25 16:18:13 · answer #2 · answered by Dick 7 · 0 0
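The purge step that both answers describe (overwrite the data, then delete it) can also produce the written record the client's security team is asking for. The following is an added example, not code from either answerer or from any of the products they name; the function names and the sample file are hypothetical, and it assumes a conventional hard disk or USB hard disk as in answer #1.

```python
import hashlib, json, os, secrets, tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1024 * 1024  # work in 1 MiB pieces so large files do not fill memory

def sha256_of(path):
    """Fingerprint a file so the record identifies exactly what was destroyed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def overwrite_and_delete(path, passes=1):
    """Overwrite a file in place with random bytes, force it to disk, then delete it.
    Assumption: a magnetic disk. Flash wear levelling and copy-on-write file
    systems can keep old copies that an in-place overwrite does not reach."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    os.remove(path)

def purge_client_folder(folder):
    """Purge every file under folder and return a record of what was purged."""
    folder = Path(folder)
    record = []
    for path in sorted(p for p in folder.rglob("*") if p.is_file()):
        entry = {"file": str(path.relative_to(folder)),
                 "bytes": path.stat().st_size,
                 "sha256": sha256_of(path)}
        overwrite_and_delete(path)
        entry["purged_utc"] = datetime.now(timezone.utc).isoformat(timespec="seconds")
        record.append(entry)
    return record

if __name__ == "__main__":
    # Constructed sample data standing in for a client's spreadsheet.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "client_sheet.csv").write_text("name,ssn\nJane Doe,000-00-0000\n")
        print(json.dumps(purge_client_folder(d), indent=2))
```

The returned list can be saved as JSON and handed to the client as evidence of when each file was purged.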
