BreachExchange mailing list archives
Re: hard drive destruction
From: "DAIL, ANDY" <ADAIL () sunocoinc com>
Date: Wed, 16 Aug 2006 12:09:10 -0400
Don't forget contractual and cost considerations either. For instance, we have computers in over 5,000 gas stations. When a hard drive goes out in one of those PC's, our contract with Dell requires us to send in the old drive in order to receive a new one under warranty. We could pay extra and just get a new drive and destroy the old one, but why make it more expensive? We ensure the drive is clean, then we ship it to Austin. It adds a step, but it is still cheaper than buying new drives all the time (funny how those $100, 500 GB drives at CompUSA never seem to make it onto my commercial account ordering lists). Too many decision makers are led down the most expensive solution to a problem for the sake of ease, because of paranoia or inexperienced staff. The more simple and inexpensive the solution (assuming it is effective, or adequate compensating controls can be deployed), the more likely it is to be followed by staff, and the more likely I am to still be managing the effort next year. :) Andy Dail Sunoco PCI Project Manager -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of blitz Sent: Wednesday, August 16, 2006 10:58 AM To: George Toft Cc: dataloss () attrition org Subject: Re: [Dataloss] hard drive destruction Generally, Im for recycling drives as much as possible, for not too many have the resources to access an electron microscope needed to see anything left over after a DOD approved wipe and rewrite scheme. If it were National security, incineration is the only way, as you'd be dealing with entities with the time and money. PII theft is usually a crime of opportunity. A DOD 5200.28 wipe should suffice. At 09:32 8/16/2006, you wrote: Just wondering what the group feels is an adequate level of destruction for a hard drive that contains personal financial information . . . A. Using software to wipe the drive to DOD 5200.28 spec. B. Cutting the platters in half (great big saw that essentially chops the drive into two pieces). C. Drilling out the center of the platter with a 2" drill bit. D. Hard drive degausser. E. Other - please specify. -- George Toft, CISSP, MSIS My IT Department www.myITaz.com <http://www.myitaz.com/> 480-544-1067 Confidential data protection experts for the financial industry. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 142 million compromised records in 303 incidents over 6 years. -- This message has been scanned for viruses and dangerous content by MailScanner <http://www.mailscanner.info/> , and is believed to be clean. This message and any files transmitted with it is intended solely for the designated recipient and may contain privileged, proprietary or otherwise private information. Unauthorized use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. If you have received it in error, please notify the sender immediately and delete the original and any attachments.
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 142 million compromised records in 303 incidents over 6 years.
Current thread:
- hard drive destruction George Toft (Aug 16)
- Re: hard drive destruction Pawel Krawczyk (Aug 16)
- Re: hard drive destruction Angelo Manoloules (Aug 16)
- Re: hard drive destruction blitz (Aug 16)
- Re: hard drive destruction Chris Walsh (Aug 16)
- Re: hard drive destruction Al Mac (Aug 16)
- <Possible follow-ups>
- Re: hard drive destruction *Hobbit* (Aug 16)
- Re: hard drive destruction Joe Francis (Aug 16)
- Re: hard drive destruction George Toft (Aug 17)
- Re: hard drive destruction Joe Francis (Aug 16)
- Re: hard drive destruction DAIL, ANDY (Aug 16)
- Re: hard drive destruction DAIL, ANDY (Aug 16)
- Re: hard drive destruction DAIL, ANDY (Aug 16)
- Message not available
- Re: hard drive destruction Al Mac (Aug 17)
- Message not available