Educause Security Discussion mailing list archives
Re: hard drive destruction
From: Jim Dillon <Jim.Dillon () CUSYS EDU>
Date: Thu, 10 Aug 2006 12:25:31 -0600
Sensitive info by definition has more value than any hard drive. At worst a killdisk wipe or heavy degaussing will occur to all drives managed through our property services. The unfortunate truth is that there is little control over this throughout the populace, and I'm sure sensitive data goes out. We're working that end. The actually costs in fines alone of another sensitive data breach here could reach $1M and climb to >$10M depending, and I don't think that justifies returning the drive. We are finding and encouraging the purchasing of computers from DELL or Gateway with the option to not return the drive. An extra $15 up front, but it keeps the warranty safe. Best regards, Jim ***************************************** Jim Dillon, CISA, CISSP IT Audit Manager, CU Internal Audit jim.dillon () cusys edu 303-492-9734 ***************************************** ________________________________ From: Michael Fox [mailto:Mfox () GEORGIASOUTHERN EDU] Sent: Thursday, August 10, 2006 8:45 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] hard drive destruction I am working on policy and procedures for hard drive wipe/destruction. I have most of what I need for my procedures but I have hit one sticking point. I would like to get some input as to how others have handled this issue. The issue: if a hard drive that is under warranty fails most technicians will contact the vendor, get a replacement drive and send the "bad" drive back to the vendor. If there is sensitive information on that drive (worst case scenario always) the vendor now has access to that data and/or worse yet they repair the drive and sell it to someone else. What do you folks do with this kind of scenario? Any information will be a great help. Thanks in advance, Mike Mike Fox Georgia Southern University Information Technology Services Office of Information Security mfox () georgiasouthern edu (912)871-1592 Jeremiah 29:11-16 NOTE: This email message is intended only for the named recipient(s) above and may contain information that is privileged, confidential, and or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately contact the sender and delete this email message.
Current thread:
- hard drive destruction Michael Fox (Aug 10)
- <Possible follow-ups>
- Re: hard drive destruction Tony Gauvin (Aug 10)
- Re: hard drive destruction Les LaCroix (Aug 10)
- Re: hard drive destruction Roy Hatcher (Aug 10)
- Re: hard drive destruction Mark T. Nardone (Aug 10)
- Re: hard drive destruction Pace, Guy (Aug 10)
- Re: hard drive destruction Barnes, Jeff (Aug 10)
- Re: hard drive destruction Jim Dillon (Aug 10)