* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/)
* The Cybersecurity Canon: ...

# The Cybersecurity Canon: Information Disposition: A Practical Guide to the Secure, Compliant Disposal of Records, Media and IT Assets

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F08%2Fcybersecurity-canon-information-disposition-practical-guide-secure-compliant-disposal-records-media-assets%2F)  
[](https://twitter.com/share?text=The+Cybersecurity+Canon%3A+Information+Disposition%3A+A+Practical+Guide+to+the+Secure%2C+Compliant+Disposal+of+Records%2C+Media+and+IT+Assets&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F08%2Fcybersecurity-canon-information-disposition-practical-guide-secure-compliant-disposal-records-media-assets%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F08%2Fcybersecurity-canon-information-disposition-practical-guide-secure-compliant-disposal-records-media-assets%2F&title=The+Cybersecurity+Canon%3A+Information+Disposition%3A+A+Practical+Guide+to+the+Secure%2C+Compliant+Disposal+of+Records%2C+Media+and+IT+Assets&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2017/08/cybersecurity-canon-information-disposition-practical-guide-secure-compliant-disposal-records-media-assets/&ts=markdown)  
\[\](mailto:?subject=The Cybersecurity Canon: Information Disposition: A Practical Guide to the Secure, Compliant Disposal of Records, Media and IT Assets)  
Link copied  
By [Ben Rothke](https://www.paloaltonetworks.com/blog/author/ben-rothke/?ts=markdown "Posts by Ben Rothke")  
Aug 07, 2017  
4 minutes  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)  
[Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown)  
[Compliant Disposal of Records](https://www.paloaltonetworks.com/blog/tag/compliant-disposal-of-records/?ts=markdown)  
[cybersecurity canon](https://www.paloaltonetworks.com/blog/tag/cybersecurity-canon/?ts=markdown)  
[Information Disposition: A Practical Guide to the Secure](https://www.paloaltonetworks.com/blog/tag/information-disposition-a-practical-guide-to-the-secure/?ts=markdown)  
[Media and IT Assets](https://www.paloaltonetworks.com/blog/tag/media-and-it-assets/?ts=markdown)  
[Robert Johnson](https://www.paloaltonetworks.com/blog/tag/robert-johnson/?ts=markdown)

![cybersecuity-canon-blog-600x260](https://www.paloaltonetworks.com/blog/wp-content/uploads/2017/06/cybersecuity-canon-blog-600x260.png)

*We modeled the* [*Cybersecurity Canon*](https://www.paloaltonetworks.com/threat-research/cybercanon.html?ts=markdown)*after the Baseball or Rock \& Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.*

*The Cybersecurity Canon is a real thing for our community. We have designed it so that you can* [*directly participate in the process*](https://www.paloaltonetworks.com/threat-research/cybercanon/nominate-a-book?ts=markdown)*. Please do so!*

Book Review by Canon Committee Member, Ben Rothke, Information Disposition: A Practical Guide to the Secure, Compliant Disposal of Records, Media and IT Assets, 2017 by Robert J. Johnson.

### Executive Summary

*Information Disposition: A Practical Guide to the Secure, Compliant Disposal of Records, Media and IT Assets* is the definitive reference for those looking to create an enterprise data and media destruction process and program.

### Review

George Santayana said that those who cannot remember the past are condemned to repeat it. Taking license, when it comes to getting rid of old data, those who don't dispose of it properly are condemned to live with the serious consequences.

Data life cycle management (DLM) is a process that manages data flows across an organization throughout its life cycle. DLM ensures proper data handling from initial creation to end of life, when the data is deleted. However, far too many organizations never get around to figuring out how to get rid of data that is no longer needed. Over time, that can add up to exabytes or more of data that, if not disposed of properly, place the organization at risk.

When it comes to document and media destruction, many firms start with NIST Special Publication 800-88 [*Guidelines for Media Sanitization*](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf). NIST defines *destruction* as "the result of actions taken to ensure that media cannot be reused as originally intended and that information is virtually impossible to recover or prohibitively expensive."

For those who want to go above and beyond the NIST document and create a more formal and expansive program, in [*Information Disposition: A Practical Guide to the Secure, Compliant Disposal of Records, Media and IT Assets*](https://www.amazon.com/gp/product/B072Q59WZS/ref=as_li_tl?ie=UTF8&tag=benrothkswebp-20&camp=1789&creative=9325&linkCode=as2&creativeASIN=B072Q59WZS&linkId=22a0d33311c8ea1e037670ed3b6a01f4), author Robert Johnson has written an incredibly valuable reference that details the myriad issues related to data destruction.

Whether it's due to regulatory issues, legal or IT risk, or just as a best practice, every organization needs to have a program and process in place to deal with data destruction.

Johnson is the CEO of the National Association for Information Destruction (NAID), a trade association for companies providing information destruction services. NAID's mission is to promote the information destruction industry, and the standards and ethics of its member companies.

Many organizations don't appreciate how much data they have. When you consider the sheer amount of data stores, including hard drives, external drives, RAID, mobile phones, SD cards, CD-ROM, thumb drives, embedded media, optical drives and more, they will understand how large a task data destruction is. As the volume of stored data grows exponentially, the amount of data that needs to be destroyed increases.

The book's seven chapters and many appendices provide the reader with nearly everything they need to know about the entire destruction lifecycle. Topics covered include: data protection regulations, physical security, records and information management (RIM) principles, secure destruction methodologies, information disposition policies and procedures, how to pick a service provider, and much more.

Data destruction does not occur in a vacuum, and firms that ensure they have a formal program in place can rest easier by knowing they have reduced their regulatory risk, in addition to risk surface area.

With a $179.00 list price ([NAID](http://www.naidonline.org/nitl/en/consumer/news/5842.html) and [ARMA](https://members.arma.org/eweb/browse.aspx?site=armastore&webcode=product&id=63f35e08-0e3f-424e-b854-57d98608d0ff#.WXc1x3GQxpg) members can get the book heavily discounted), the book might initially seem expensive. But from a risk mitigation perspective, where hundreds of hours of legal fees may be incurred, that amount turns into a bargain.

My only issue with the book is that, given its price, it does not include electronic versions of the policies and processes. Aside from this is a well-written tactical guide that every organization can, and should, put into use.

### Conclusion

Every organization has documents and media that need to be properly destroyed. That, combined with never-ending concerns about data privacy, regulatory compliance, along with the continuously growing capacity of data media, means it is imperative that unwanted data storage components be properly destroyed when they reach the end of their useful life.

Data destruction is relatively easy to do right, and equally easy to do wrong. For those who want to do it right, *Information Disposition: A Practical Guide to the Secure, Compliant Disposal of Records, Media and IT Assets* should be their go-to guide. It certainly deserves its place in the Cybersecurity Canon.

*** ** * ** ***

## Related Blogs

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Cybersecurity Canon Candidate Book Review: "Abundance: The Future Is Better Than You Think](https://www.paloaltonetworks.com/blog/2018/09/cybersecurity-canon-candidate-book-review-abundance-future-better-think/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### The Cybersecurity Canon - American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road](https://www.paloaltonetworks.com/blog/2018/01/cybersecurity-canon-american-kingpin-epic-hunt-criminal-mastermind-behind-silk-road/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown)

[#### We're Down to the Last Two Contestants In the 2018 Cybersecurity Canon People's Choice Awards!](https://www.paloaltonetworks.com/blog/2017/10/last-two-contestants-2018-cybersecurity-canon-peoples-choice-awards/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown)

[#### 2018 Cybersecurity Canon People's Choice Awards: The Final Four](https://www.paloaltonetworks.com/blog/2017/10/2018-cybersecurity-canon-peoples-choice-awards-final-four/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown)

[#### 2018 Cybersecurity Canon People's Choice Awards: Vote Now for Round 3](https://www.paloaltonetworks.com/blog/2017/10/2018-cybersecurity-canon-peoples-choice-awards-vote-now-round-3/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown)

[#### 2018 Cybersecurity Canon People's Choice Awards -- Round 2: Did Your Favorites Make the Cut?](https://www.paloaltonetworks.com/blog/2017/10/2018-cybersecurity-canon-peoples-choice-awards-round-2-favorites-make-cut/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language