Educause Security Discussion mailing list archives

Re: Quick Survey: How do you "dispose" of outbound hard drives??


From: "Perry, Jeff" <perry () KU EDU>
Date: Wed, 29 Sep 2010 15:20:25 -0500

Good points all around (re: DoD vs EDU).

Michael wrote: "higher ed typically doesn't play in the "blinding
white flash" arena, so I'd recommend AGAINST trying to apply those rules
in this environment."

This is indeed why we stuck to degaussing as our "nuclear option" and
didn't go with a degauss+physical shredder policy (and the noise and
cost and mess associated with it).  The method that each division/school
must use on our campus is stipulated in our data classification policy.
We have a matrix that basically says "If the system is rated Category 1
and is moving to another Category 1 use internally, do XYZ." "If it's
moving down (cat 1 -> 2) internally, do 123." "If it's leaving us
entirely, do ABC."

However the majority of the machines are actually moving out the door and
we have only one method to deal with that (due to the fact that it's a
0% probability that the person disposing of the system is going to a.)
understand all this compliance stuff and b.) know everything about said
unit).  So we err on the side of 10k gauss pulse everything not to be
reused (as it fries the data and the drive) and wipe (using an approved
method/tool) for those few that are going to be reused.

Our ace in the hole is a contract we have that allows for third party
pickup, monitored destruction, and sign-off paperwork if we ever do run
across something that actually legally needs to be pulsed, shredded,
burned, dipped in acid, and then fed to llamas.

I too think the ATA thing is neat and may prove very useful in the near
future, but until it's more common we're opting for clarity so people
don't have a huge decision tree to work through (and ultimately mess up
occasionally which defeats all the time you saved).  So thanks to those
that are really spending the effort to look into the questions it
brings up.

Cheers,

Jeff Perry, CISSP
Director, Enterprise Infrastructure & Operations
The University of Kansas

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Doty, Timothy T.
Sent: Wednesday, September 29, 2010 11:45 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Quick Survey: How do you "dispose" of outbound
hard drives??

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
Sent: Wednesday, September 29, 2010 10:56 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Quick Survey: How do you "dispose" of outbound
hard drives??

On Wed, 29 Sep 2010 09:32:40 MDT, "SCHALIP, MICHAEL" said:

ng white flash" arena, so I'd recommend AGAINST trying to apply those
rules in this environment.

My point was that the vast majority of what higher ed considers
sensitive data isn't (in the greater scheme of things) any more
sensitive than the "Sensitive But Unclassified" category on the DoD
side, so trying any harder than that isn't worth the effort.

You are comparing DoD classification schemes with education, and having
different needs, they will necessarily classify things differently. I
originally wrote a lot more, but the short of it is that what is
sensitive and how depends on who is asking who. The world of DoD is
*far* different than education and it isn't necessarily a matter of
greater vs lesser, it is just very, very different. The relevance of an
institution's data to national security is largely irrelevant, what
matters in the end is the financial risk and from there determining
fiscally appropriate mitigations.

It doesn't matter how DoD would rate it: different field, different
concerns.

When it comes to preventing data from being recovered from surplussed
hardware I'm of the camp "single overwrite is good enough". I find ATA
secure erase interesting because it has potentially less overhead than
DBAN (it appears faster allowing higher throughput of drives if that is
a concern) and better reliability (vs procedures in place to ensure that
interrupted wipes are actually completed). It has caveats, however, that
prevent it from being a drop-in replacement for DBAN.

Ultimately, each institution has to determine for themselves what their
mitigation strategy will be. Some may have external requirements
preventing physical destruction, others may find that easier and cheaper
due to particulars. Some may wipe with one tool, others with another. As
long as they understand the capabilities and risks of their method, all
is well. (I may still have a hard drive from a certain department of
transportation that had been "wiped" by installing DOS on the drive and
then sold -- the "wipe" had no real impact on the NTFS file system.)

Tim Doty

