Browse archive

Latest news

The security of WordPress plugins

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Businesses not fully implementing infosec programs

Is accessing work apps on the move destructive?

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

New regulation for ENISA, the EU cybersecurity agency

F-Secure advances fight against exploits

Free anti-spam software for the Mac

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Hacking charge stations for electric cars

Creating Trustworthy Archives

by Steve Tongish - Marketing Director (EMEA) of Plasmon Data Ltd. - Tuesday, 23 September 2003.

One proven approach is to establish a process-based "Chain of Trust" (Trustworthy Storage and Management of Electronic Records, Cohasset Associates, Inc., April 2003) that guides records throughout their life and clearly documents their authenticity. This Chain of Trust is comprised of both processes and products that work together to establish record trustworthiness. The primary components within the chain can be divided into four 'links':

Record Management Application
File Management
Storage Management
Storage Media

The Record Management Application is typically a document management / workflow software application that oversees the creation and management of stored records. Among other things, these applications verify the creation of records, manage record version control and provide reporting tools to validate audit trails for individual records or groups of records.

The File Management link oversees the logical read/write access to all records. This controls the deletion or overwriting of files, write verification and security / file encryption (as required). File Management software could be part of a Record Management Application, but is often a separate product(s) that operates between Record Management and the operating system to control records at a file level.

Storage Management is the physical recording of records and the management of the storage infrastructure. For example, when an electronic record is written to a storage device, the device may verify the accurate completion of the write operation and pass the verification back through the chain to the Record Management Application. This allows the application to accurately report on audit trail information. In addition to managing individual storage devices, the Storage Management link would also control the use of removable media libraries (optical and tape), which are commonly used in archival storage environments.

The last link in the chain is the actual storage media used to record the data in the records. There are several possible choices including magnetic disk, tape and optical storage media. Each of these technologies offers different performance, longevity and cost attributes. As with any link, choosing the correct media type will be critical to the overall strength of the chain.

Magnetic disk is the only real solution for active data sets since it provides the performance needed for interactive operations. However, as a long-term archival storage medium it doesn't offer the stability of other media and can be very expensive for large configurations. Tape is most commonly used for backup and disaster recovery environments since it's a high capacity, inexpensive removable media. Tape can be used for archives, but random access times are slow and it must be carefully maintained and rewritten to ensure data integrity.