Controlled information destruction: the final frontier in preserving information security for every organisation

Information security is the cornerstone of every data processing system that resides in an organisation’s trusted network: it implements all the protocols, mechanisms and policies needed to stay one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new process named controlled information destruction (CID), which is meant to secure sensitive data that are no longer needed for the organisation’s future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.
