Asset Disposal and Information Security Alliance

Founded in 2010, ADISA Certification Limited (formerly called The Asset Disposal and Information Security Alliance) is a certification body for companies that provide IT asset disposal services and for manufacturers and developers of software and hardware data sanitisation solutions. [1] [2]

The ADISA Asset Recovery Standard (for service providers) is an industry standard. The audit team, based in Hertfordshire, has performed over 500 audits in 17 counties since its inception. [citation needed] In July 2021, the ADISA ICT Asset Recovery Standard 8.0 was formally approved by the UK Information Commissioner's Office as a UK GDPR Certification Scheme. [citation needed]

In 2019, ADISA brought its forensic testing in-house and launched the ADISA Research Centre (ARC). The ARC delivers the product certification schemes for software and hardware data sanitization tools. The ADISA Product Claims and Product Assurance Schemes provide different levels of product testing for data sanitization tools:

· The Product Claims Test (PCT) scientifically evaluates the claim behind the data sanitization capabilities of a software or hardware device to determine its validity.

· The Product Assurance Test offers a higher level of assurance than the PCT; it requires a larger sample size to be forensically analysed and measures the vendors of the software or hardware device against a range of requirements.

ADISA won the 2020 Computer Security Magazine - One to Watch award, following previous wins including the 2019 Computer Security Compliance Company of the Year award [3] and Training Provider of the Year (2015). [4] The ADISA Standard is recognised as an industry standard of merit by the UK Defence Infosec Product Co-Operation Group (DIPCOG) [2] and is listed in the National Cyber Security Centre’s guidance for companies disposing of IT assets. [5]

ADISA maintains a YouTube channel called "ADISA Media Centre", where it publishes the latest information from the group in various formats.

References

  1. "How ADISA is helping companies reduce data security exposures". Archived December 17, 2014, at the Wayback Machine. Green Oaks Solutions.
  2. Calvert, Toney. "Welcome to ADISA. Asset Disposal & Information Security Alliance". Retrieved 2020-04-06.
  3. "Computing Security Awards". www.storagemagazine.co.uk. Retrieved 2020-04-06.
  4. "Computing Security Awards". www.storagemagazine.co.uk. Retrieved 2020-04-06.
  5. "Secure sanitisation of storage media". www.ncsc.gov.uk. Retrieved 2020-04-06.