1)
- What do you think is an organization’s responsibility to ensure the protection and proper destruction of any sensitive or personal information regarding employees, customers, etc.?
The organization is responsible for keeping confidential information private and out of the wrong hands. It is also responsible for making sure documents are destroyed properly, for example by shredding them or by hiring a company to manage the removal of personal documents. For electronic devices, there is a proper way of sanitizing all electronics.
- "Implement an information disposal practice, make it as convenient as possible (i.e. easily accessible shredders) and communicate it to employees." (“Protecting Customer Data - FindLaw”)
- "Use shredders for paper documents and CDs and use a wipe utility program to erase stored data from old computers." (“Protecting Customer Data - FindLaw”)
- If you use consumer credit reports in your business, make sure you follow the FTC's Disposal Rule (team, 2016).
- How do you dispose of sensitive automated information? Do you think this is sufficient to protect your information or that of your organization? Why or why not?
Deleting data from anything electronic does not make it go away; it only removes it from your sight, and it is still in the device. To completely delete data from a computer, you need to perform a secure erase, which is a set of commands built into the firmware of the computer's hard drive; it erases all data on the drive. With smartphones and tablets, you would do a hard reset and remove the memory card. With office equipment such as printers, fax machines, and other equipment, you do a factory reset and remove either the hard drive or the memory card. Disposing of sensitive information is very effective if you do it right. Backing up all data first is also important, in case you erase more than you wanted to erase.
- "Discuss your understanding of how disk encryption can help protect data in case the hardware is lost or stolen." (“Discussion on Data Encryption”)
In the event of lost or stolen hardware, the person who stole or found it has not come upon anything that would be important to them, because the information is encrypted and they cannot see it. They might as well have a paperweight, because it is of no use to that person. They cannot get the information without the key or password.
- Do you think this is enough to protect the data? Explain your answer.
It is enough to protect the data. There is also more that a company can do to protect the data, such as using a strong password. Do not leave your password lying around on your office table, use the clean desk policy, and make sure that the office has physical security such as locked doors and locked computers with passwords.
References
Devices, S. T.-0. (2021, February 01). SECURITY TIP (ST18-005) Proper Disposal of Electronic Devices. Retrieved from Cybersecurity and Infrastructure Security Agency: www.cisa.gov
team, F. L. (2016, June 20). Protecting Customer Data. Retrieved from FindLaw: www.findlaw.com
2)
While researching on this topic, add the following read “Personal Information Protection Act (“PIPA”)” at
http://www.oipc.ab.ca/ims/client/upload/Privacy%20Proofing_Mar19.pdf to your resources. Kindly let me know your findings.