Survey on Effective Disposal of E-Waste to Prevent Data Leakage
DOI:
https://doi.org/10.24423/cames.2024.492Keywords:
e-waste, data leakage, data leakage detection, data leakage prevention, data disposal, data destruction, data security, end of life of dataAbstract
E-waste refers to electronic products that are of no use, not working properly, and either close to or at the end of their “useful life”. Companies generate large amounts of e-waste when they replace old and outdated IT hardware with new technologies. Disposing of this e-waste is not so simple, as it may contain a significant amount of intellectual property in the form of data. Timely elimination of these records and data is very crucial to secure it. E-waste cannot just be discarded due to associated data security, confidentiality, compliance and environmental risks and policies. Even after deleting data, it can still be prone to social engineering attacks by malicious individuals. Data leakage is the unauthorized transmission of data from within an organization to an external destination or recipient, and it can be transferred electronically or physically. Nowadays, protecting data is of upmost importance for organizations. However, organizations still fail at destroying confidential data from their end-of-life equipment. This article focuses on how to detect data leakage and try to find those responsible for doing so. Different Data Loss Prevention (DLP) techniques that are currently being used by many organizations are discussed and some suggestions are provided for developing more consistent DLP and overcoming the weaknesses prevalent in these techniques. Furthermore, this article discusses various algorithmic, logical, and methodological foundations and procedures followed for large-scale data disposal, determining when the life of data comes to an end.
References
2. K. Kaur, I. Gupta, A.K. Singh, A comparative evaluation of data leakage/loss prevention systems (DLPS), [in:] Proceedings of 4th International Conference on Computer Science & Information Technology (CS & IT-CSCP), pp. 87–95, 2017, doi: 10.5121/csit.2017.71008.
3. A. Jones, Why are we not getting better at Data Disposal?, [in:] Annual ADFSL Conference on Digital Forensics, Security and Law, Vol. 7, pp. 89–94, 2009, https://commons.erau.edu/adfsl/2009/thursday/7.
4. R. Tahboub, Y. Saleh, Data leakage/loss prevention systems (DLP), [in:] 2014 World Congress on Computer Applications and Information Systems (WCCAIS), pp. 1–6, IEEE, 2014, doi: 10.1109/WCCAIS.2014.6916624.
5. R.S. Kadu, V.B. Gadicha, Review on securing data by using data leakage prevention and detection, International Journal on Recent and Innovation Trends in Computing and Communication, 5(5): 731–735, 2017, doi: 10.17762/ijritcc.v5i5.597.
6. C. Bhatt, R. Sharma, Data leakage detection, International Journal of Computer Science and Information Technologies, 5(2): 2556–2558, 2014.
7. X. Shu, D. Yao, E. Bertino, Privacy-preserving detection of sensitive data exposure, IEEE Transactions on Information Forensics and Security, 10(5): 1092–1103, 2015, doi: 10.1109/TIFS.2015.2398363.
8. E. Costante, D. Fauri, S. Etalle, J. den Hartog, N. Zannone, A hybrid framework for data loss prevention and detection, [in:] Proceedings of 2016 IEEE Security and Privacy Workshops, San Jose, CA, USA, pp. 324–333, 2016, doi: 10.1109/SPW.2016.24.
9. P. Papadimitriou, H. Garcia-Molina, Data leakage detection, IEEE Transactions on Knowledge and Data Engineering, 23(1): 51–63, 2011, doi: 10.1109/TKDE.2010.100.
10. X. Shu, J. Zhang, D.D. Yao, W.-C. Feng, Fast detection of transformed data leaks, IEEE Transactions on Information Forensics and Security, 11(3): 1–16, 2016, doi: 10.1109/TIFS.2015.2503271.
11. S. Chhabra, A.K. Singh, Dynamic data leakage detection model based approach for MapReduce computational security in cloud, [in:] Proceedings of 2016 Fifth International Conference on Eco-friendly Computing and Communication Systems (ICECCS-2016), Bhopal, India, pp. 13–19, 2016, doi: 10.1109/Eco-friendly.2016.7893234.
12. A. Shabtai, Y. Elovici, L. Rokach, A Survey of Data Leakage Detection and Prevention Solutions, Springer, Boston, MA, 2012, doi: 10.1007/978-1-4614-2053-8_4.
13. M. Ghouse, M.J. Nene, Graph neural networks for prevention of leakage of secret data, [in:] 2020 5th International Conference on Communication and Electronics Systems (ICCES), Coimbatore, India, pp. 994–999, 2020, doi: 10.1109/ICCES48766.2020.9137957.
14. M. Ghouse, M.J. Nene, VembuSelvi C., Data leakage prevention for data in transit using artificial intelligence and encryption techniques, [in:] 2019 International Conference on Advances in Computing, Communication and Control (ICAC3), Mumbai, India, pp. 1–6, 2019, doi: 10.1109/ICAC347590.2019.9036839.
15. M.N.A. Wahid, A. Ali, B. Esparham, M. Marwan, A comparison of cryptographic algorithms: DES, 3DES, AES, RSA and blowfish for guessing attacks prevention, Journal Computer Science Applications and Information Technology, 3(2): 1–7, 2018.
16. J.M. Gómez-Hidalgo, J.M. Martín-Abreu, J. Nieves, I. Santos, F. Brezo, P.G. Bringas, Data leak prevention through named entity recognition, [in:] 2010 IEEE Second International Conference on Social Computing, Minneapolis, MN, USA, pp. 1129–1134, 2010, doi: 10.1109/SocialCom.2010.167.
17. A. Buda, A. Colesa, File system minifilter based data leakage prevention system, [in:] 2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet), Cluj-Napoca, Romania, pp. 1–6, 2018, doi: 10.1109/ROEDUNET.2018.8514147.
18. T. Mustafa, Malicious data leak prevention and purposeful evasion attacks: An approach to Advanced Persistent Threat (APT) management, [in:] 2013 Saudi International Electronics, Communications and Photonics Conference, Riyadh, Saudi Arabia, pp. 1–5, 2013, doi: 10.1109/SIECPC.2013.6551028.
19. Y. Lu, X. Huang, D. Li, Y. Zhang, Collaborative graph-based mechanism for distributed big data leakage prevention, [in:] 2018 IEEE Global Communications Conference (GLOBECOM), Abu Dhabi, United Arab Emirates, pp. 1–7, 2018, doi: 10.1109/GLOCOM.2018.8647746.
20. G. Katz, Y. Elovici, B. Shapira, CoBAn: A context based model for data leakage prevention, Information Sciences, 262: 137–158, 2014, doi: 10.1016/j.ins.2013.10.005.
21. G. Michael, Data leakage in cloud computing, International Journal of Pure and Applied Mathematics, 116(9): 273–278, 2017.
22. S.B. Alkhadhr, M.A. Alkandari, Cryptography and randomization to dispose of data and boost system security, Cogent Engineering, 4(1): 1300049, 2017, doi: 10.1080/23311916.2017.1300049.
23. R. Chandramouli, D. Pinhas, Security guidelines for storage infrastructure, NIST Special Publication, 800: 209, 2020, doi: 10.6028/NIST.SP.800-209.
24. T. Liquori, Methods of Data Destruction, Dispose of Data Securely, Accessed on Nov 10, 2021 at https://dataspan.com/blog/what-are-the-different-types-of-data-destruction-andwhich-one-should-you-use/.
25. H. Hammouchi, O. Cherqi, G. Mezzour, M. Ghogho, M. El Koutbi, Digging deeper into data breaches: An exploratory data analysis of hacking breaches over time, Procedia Computer Science, 151: 1004–1009, 2019, doi: 10.1016/j.procs.2019.04.141.
26. S. Alneyadi, E. Sithirasenan, V. Muthukkumarasamy, A survey on data leakage prevention systems, Journal of Network and Computer Applications, 62: 137–152, 2016, doi: 10.1016/j.jnca.2016.01.008.
27. K.S. Wagh, A survey: Data leakage detection techniques, International Journal of Electrical and Computer Engineering, 8(4): 2247–2253, 2018, doi: 10.11591/ijece.v8i4.pp2247-2253.
28. A. Jones, Lessons not learned on data disposal, Digital Investigation, 6(1-2): 3–7, 2009.
29. K. Rahul, R.K. Banyal, Data life cycle management in big data analytics, Procedia Computer Science, 173: 364–371, 2020, doi: 10.1016/j.procs.2020.06.042.
30. D. Bisson, 7 Data Breach Case Studies Involving Human Error, Venafi, Accessed on Nov 15, 2021 at https://venafi.com/blog/7-data-breaches-caused-human-error-didencryption-play-role/.
31. C. Chakraborty, A. Kishor, J.J.P.C. Rodrigues, Novel enhanced-grey wolf optimization hybrid machine learning technique for biomedical data computation, Computers and Electrical Engineering, 99: 107778, 2022, doi: 10.1016/j.compeleceng.2022.107778.
32. S. Acharya, Security Injection: Mobile Risk Management – Introduction, Towson University, Accessed on Dec 12, 2021 at https://cisserv1.towson.edu/~cyber4all/modules/nanomodules/Mobile_Risk_Management-Introduction.html.
33. A. Jones, C. Valli, I. Sutherland, P. Thomas, The 2006 analysis of information remaining on disks offered for sale on the second hand market, Journal of Digital Forensics, Security and Law, 1(3): 2, 2006, doi: 10.15394/jdfsl.2006.1008.
34. Blancco, Data Sanitization in the Modern Age: DoD or NIST?, Accessed on Dec 26, 2021 at https://www.blancco.com/resources/bp-data-sanitization-in-the-modern-age-dod-or-nist/.
35. T. Caldwell, Seek and destroy, Network Security, 2012(9): 15–19, 2012, doi: 10.1016/S1353-4858(12)70083-1.
36. Report on Data Loss, Dallas City Hall, Accessed on Jan 10, 2022 at https://dallascityhall.com/departments/ciservices/Pages/Report-on-Data-Loss.aspx.