5 hours 58 minutes
Welcome back to CyberRays. It's of course, I'm your instructor. Brad Roads. Let's talk about Decommissioning and disposal processes.
So in this lesson, we're gonna talk about Decommissioning. We're talking about disposal. Then we're going to compare the two.
when we talk about Decommissioning, that's where we're taking ah, system out of service and we're likely going to very important here. Reuse it, and so you can see the process here.
The Decommissioning process actually starts at the beginning of our systems engineering work and our information systems security, engineering work. We got to determine the end of life of the system. That's where it starts. If we don't know when we need to decommission a system, it's really hard toe to determine what we're gonna do with it.
We then need to look at data. What data are we going to archive? Do we need to keep any? Are there regulatory requirements that we should be paying attention to, um, that require us to keep data a certain amount of time after something ends from a lifecycle perspective,
The decomp process here is software hardware. Were you so obviously, software Hardware? Those kinds of assets are very expensive And so it does make sense of times where you can to reuse certain aspects of a system. However, I would caution there
that reuse, especially of hardware, especially if it's things that are going to go out of life cycle. Maybe they have
firmware that that's going to eventually stop being updated. Maybe there's no long term support. You might end up driving yourself directly into the disposal process without them.
Um, you determine when you're going to shut down a system and then you do it. That's really what we're talking about here. And keep Decommissioning process and keep in mind. Once you remember, Decommissioning is all about reuse
in the disposal process. We start at the same place we're gonna determine when is our system gonna reach end of life? Um, and and we have to make those determinations. If we don't, we don't know where the rest of the process goes. We Then again, look at data archiving and the system shutdown timing and want to touch on that really quick system shutdown. Timing is really important
you don't want to shut down a system in the middle of, say, a major process for, say, a customer, you know, unless you notify them, you have to plan around all of that. We don't just willy nilly shut down systems as issues. That's not our stick. We have to make sure that we have coordinated all of that.
And once we've done it, we implement the system. Shutdown are carving.
But the here's the difference between Decommissioning and disposal were not reusing anything. We're going to go through our destruction guidelines for the organization, and we're going to get rid of the thing we're going to basically, in some cases reduce of the systems to dust that that's what happens when we talk about destruction.
There's no reuse here. We're not planning on re used.
Disposal is all about destroying, whether it's media assets, whatever.
So let's compare the two and I really like these pictures. When you think about Decommissioning, I want you to remember the recycling, uh, boxes they're shown on on the pallets, right? You are going to reuse something. You're gonna actually take a piece of part. Maybe the entire system,
maybe a hard drive, whatever they get you,
and you're going to reuse it in something else. That's what Decommissioning is it is preparing, Ah, system or components for potential. Recuse
disposal is what you see right there. We're just throwing it out. We're getting rid of it. Where we've we've sanitized it as we've talked about previously, and we're just going to get rid of it right now. Are we going to When we talk about disposal, get rid of, say, a hard drive without, you know, damaging the hard drive beyond repair? No, that that's part of the
disposal or destruction process. Right? And the goal of the disposal process pretty straightforward,
is to prevent
future data exposure from those say, Dumpster divers, which are They're back out there again. I can't make this up. This is actually something that I've seen and talked to people at a conference is that Dumpster diving is actually still pretty fruitful, which is scary in the 21st century.
So in this lesson, we talked about Decommissioning. We talked about disposal, both of those processes, and then we compared. And what I want you to remember is Decommissioning is all about re use, reduce, reuse, recycle. If you remember the reference there, we're gonna reuse something. Um, disposal is we're just gonna destroy. We're not looking to reuse it. It's not either not worth it.
The risk is too great. Whatever the case may be,
that's what we're talking about with disposal.
We'll see you next time as we wrap up
Certified Information Systems Security Professional (CISSP) 2021
CISSP is the basis of advanced information assurance knowledge for information security professionals. Often referred ...
16 CEU/CPE Hours Available
Certificate of Completion Offered
ISC2 CISSP Practice Test: Certified Information Systems Security Professional
There is a growing need for information security leaders who possess the depth of expertise ...