Educause Security Discussion mailing list archives

Re: hard drive destruction

From: "Mark T. Nardone" <m.nardone () NEU EDU>
Date: Thu, 10 Aug 2006 12:08:40 -0400

With warranty repairs we use CBE as our vendor. We have established
protocols with them for HD swaps, they will replace the drive and the
original warranty drive comes to ITSecurity for data wiping. Normally this
is just a 5 working day delay in the return of the drive to CBE. 90% of
the time the drives are functional enough to be wiped using either our
KillDisk boot disk, or in some cases our Encase Forensic hardware. In the
very few instances where neither is possible we will swap the drive for an
equivalent to go to the vendor, and we send the original for destruction.

So far this has worked fairly well.

Mark

Mark T. Nardone
IT Security Analyst
Northeastern University
448 Columbus Place
Boston , MA 02115
617.373.7901 (desk)
617.335.5082 (mobile)
617.373.4354 (fax)
m.nardone () neu edu
Northeastern AUP
=================================================
This message may contain confidential or sensitive information,
and is intended only for the addressed individuals.  If you are not
a named addressee, or if you have received this message in error,
we ask your cooperation to refrain from disseminating, distributing or
copying this e-mail, and request that you delete it from your device.
=================================================




Michael Fox <Mfox () GEORGIASOUTHERN EDU>
08/10/2006 10:44 AM
Please respond to
The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>


To
SECURITY () LISTSERV EDUCAUSE EDU
cc

Subject
[SECURITY] hard drive destruction






I am working on policy and procedures for hard drive wipe/destruction. I
have most of what I need for my procedures but I have hit one sticking
point. I would like to get some input as to how others have handled this
issue.

The issue: if a hard drive that is under warranty fails most technicians
will contact the vendor, get a replacement drive and send the "bad" drive
back to the vendor. If there is sensitive information on that drive (worst
case scenario always) the vendor now has access to that data and/or worse
yet they repair the drive and sell it to someone else.

 What do you folks do with this kind of scenario?

Any information will be a great help.

Thanks in advance,
Mike


Mike Fox
Georgia Southern University
Information Technology Services
Office of Information Security
mfox () georgiasouthern edu
(912)871-1592

Jeremiah 29:11-16

NOTE: This email message is intended only for the named recipient(s) above
and may contain information that is privileged, confidential, and or
exempt
from disclosure under applicable law. If you have received this message in
error, or are not the named recipient(s), please immediately contact the
sender and delete this email message.

Current thread:

hard drive destruction Michael Fox (Aug 10)
- <Possible follow-ups>
- Re: hard drive destruction Tony Gauvin (Aug 10)
- Re: hard drive destruction Les LaCroix (Aug 10)
- Re: hard drive destruction Roy Hatcher (Aug 10)
- Re: hard drive destruction Mark T. Nardone (Aug 10)
- Re: hard drive destruction Pace, Guy (Aug 10)
- Re: hard drive destruction Barnes, Jeff (Aug 10)
- Re: hard drive destruction Jim Dillon (Aug 10)