Why You Need a Defensible Content Disposition Playbook

Today, the corporate Information Security function has to be concerned with more than just building stronger walls. It has to build an information management strategy and framework which starts with a defensible content disposition playbook.

Information in corporate repositories should have as little sensitive data as possible.

The idea is to make sure that the information stored in corporate repositories contains as little sensitive data as possible, as little junk and as little stale data as possible. Also access rights to that information must be as clean as possible.

All of this requires that CISOs begin to address information management issues as part of their day-to-day practice. This should be a complement to the more traditional focus on building stronger defenses against breaches.

The Doculabs 5-step information management program framework.

What do you need to execute information management successfully? Doculabs has outlined an information management program framework that CISOs can adopt and that helps minimize the impact of a breach.

The information management framework has five components:

I’ll be taking up these components one by one in upcoming blog posts. Today’s topic is the defensible disposition playbook.

A defensible content disposition playbook is the first step in an information management strategy.

Until recently, when it comes to content disposition, too many organizations have been inclined to keep it all. They too infrequently undertake a serious purge of electronic content in their various repositories, in spite of corporate records management policies which allow for the defensible disposition of outdated or “junk” content.

Today’s security concerns, however, have forced a change in this mindset. Best practices in information management now dictate the migration of data to repositories that provide not only the appropriate level of security for that data, but also allow the purging of any data that doesn’t need to be migrated. The latter case is true because that data shouldn’t have been in corporate repositories to begin with.

There are many risks when purging or migrating content.

When you’re purging or migrating content, your first concern is to get it right. Make sure it all moves over, nothing bombs out, and day-to-day business isn’t disrupted. While these are real risks you should be concerned about, the legal risks associated with data purge and migration are no less real.

If content that's been migrated—even five, 10 or 15 years after the fact—turns out to be germane to a lawsuit, someone at your organization will need to speak to how you handled the data. In order to convince the judge and opposing counsel that the purge or migration was defensible, they'll also need to explain the methods you used.

Preserve the chain of data custody; prove that no data was corrupted.

What's important here is to prove that the organization preserved chain of custody, and that none of the data was corrupted in any way. The problem is that, all those years later, it’s highly likely that no one will remember the specifics of the purge or migration well enough to be deposed in court and be persuasive.

A defensible content disposition playbook is engineered to address this challenge.

The elements of a defensible content disposition playbook.

While the detailed specifics of a defensible content disposition playbook will differ from organization to organization, they all typically have the following elements:

  • Legal standards that a purge or migration needs to meet to be defensible. The high-level, rules of the road; think of requirements from Legal for the defensible purge or migration of data.
  • Purge/migration criteria. The specs that define what will be included in the purge or migration and what won’t be included, such as junk, stale, or sensitive content, etc.
  • Purge/migration ruleset. The detailed protocols used to identify content; e.g. the actual regular expressions that are employed by file analytics and purge/migration tools.
  • File analytics test scripts. The results of the file analysis that determine whether it was successful, to what degree of accuracy, as well as the percentage of false positives, etc.
  • Purge/migration test scripts.  The results of the migration or purge. Did the organization get everything it intended to? Did it get anything it didn't intend to? Did anything get missed. Did anything go wrong in the purge or migration (e.g. loss/alteration of metadata)? All of this ensures source-target accuracy and chain of custody.
  • Test results documentation. what did the organization test, and what did it find?
  • Closeout report. Details on how the purge or migration went. This should list out any issues or problems and what was done, if anything, to address these problems.
A Practical Methodology for Defensible Disposition of Information 
Rich Medina
Joe Shepley
I’m VP and Practice Lead, focusing on developing Doculabs’ InfoSec practice and its applications in a wide range of industries.