Re: Data Sanitization

[Allison Dolan <adolan () MIT EDU>]

Some of the bigger shredding service companies with offsite shredding
services (e.g. Cintas) will take hard drives in the same locked bins
as paper, CDs, DVDs etc (whatever will fit in the slot).  That can
certainly make things easier for the end user ('put anything
sensitive in the box') and the shredding process mixes your stuff
with many others.  As with everything there are tradeoffs - the
security of the locked collection bin as well as the security of
materials as they are being carted off to the shredding facility.

Allison F. Dolan
Program Director, Personally Identifiable Information
Massachusetts Institute of Technology
77 Massachusetts Ave  NE49-3021
Cambridge MA 02139-4307
Phone: (617) 252-1461
http://mit.edu/infoprotect


On Apr 9, 2009, at 11:41 AM, Clifford Collins wrote:

> The company that handles our paper shredding also shreds our hard
> drives. We have a separate, locked bin that they go in until the
> truck shows up. Just like the paper shredding they do on site, they
> shred the drives into metal filings on site. It has to be a
> different truck from the one for paper shredding because of the
> magnetic materials that adhere to the cutters that have to be
> cleaned off, degaussed, and sharpened regularly. FYI, the company
> is Shred-it (http://www.shredit.com/).
>
> Clifford A. Collins
> Information Security Officer
> Franklin University
> 201 South Grant Avenue
> Columbus, Ohio 43215
> "Security is a process, not a product"
>
> ----- Original Message -----
> From: "Kamnab Keo" <kkeo () VCU EDU>
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Sent: Tuesday, April 7, 2009 2:41:36 PM GMT -05:00 US/Canada Eastern
> Subject: [SECURITY] Data Sanitization
>
> We are trying to get a good feel of what methods other institutions
> are using to sanitize electronic storage devices (Hard disk drives,
> USB flash drives, CD, DVD, tapes).  We are particularly interested
> if you are using a degausser, hard drive bending machine or some
> other physical destruction methods (drilling holes in the disk
> drive, hammers, drive shredder).
>
> One of our primary concerns is implementing a sanitizing process so
> that we can verify that data is adequately eliminated.  For
> example, with a degaussing machine we would have to connect the
> disk drive to a computer in order to verify that it is no longer
> usable after the degaussing process.  Has anyone experienced a
> failed degausser?
>
> Your feedback is greatly appreciated
>
> Kamnab Keo
> IT Risk Management Analyst
> Virginia Commonwealth University
>
> VCU Information Security - http://infosecurity.vcu.edu/
> Information Security News, Tips & More - http://www.twitter.com/
> vcuinfosec
>
> Don't be a phishing victim - VCU and other reputable organizations
> will never use email to request that you reply with your password,
> Social Security number or confidential personal information. For
> more details visit http://infosecurity.vcu.edu/phishing.html.