BreachExchange mailing list archives

Re: hard drive destruction


From: "DAIL, ANDY" <ADAIL () sunocoinc com>
Date: Wed, 16 Aug 2006 12:09:10 -0400


Don't forget contractual and cost considerations either.  For instance,
we have computers in over 5,000 gas stations.  When a hard drive goes
out in one of those PCs, our contract with Dell requires us to send in
the old drive in order to receive a new one under warranty.  We could
pay extra and just get a new drive and destroy the old one, but why make
it more expensive?  We ensure the drive is clean, then we ship it to
Austin.  It adds a step, but it is still cheaper than buying new drives
all the time (funny how those $100, 500 GB drives at CompUSA never seem
to make it onto my commercial account ordering lists).

Too many decision makers are led down the most expensive solution to a
problem for the sake of ease, because of paranoia or inexperienced
staff.  The more simple and inexpensive the solution (assuming it is
effective, or adequate compensating controls can be deployed), the more
likely it is to be followed by staff, and the more likely I am to still
be managing the effort next year. :)



Andy Dail
Sunoco PCI Project Manager


        -----Original Message-----
        From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of blitz
        Sent: Wednesday, August 16, 2006 10:58 AM
        To: George Toft
        Cc: dataloss () attrition org
        Subject: Re: [Dataloss] hard drive destruction


        Generally, I'm for recycling drives as much as possible, for not
        too many have the resources to access an electron microscope needed to
        see anything left over after a DOD-approved wipe and rewrite scheme.
        If it were National security, incineration is the only way, as
        you'd be dealing with entities with the time and money. PII theft is
        usually a crime of opportunity.
        A DOD 5200.28 wipe should suffice.


        At 09:32 8/16/2006, you wrote:


                Just wondering what the group feels is an adequate level of destruction
                for a hard drive that contains personal financial information . . .

                A.  Using software to wipe the drive to DOD 5200.28 spec.

                B.  Cutting the platters in half (great big saw that essentially chops
                the drive into two pieces).

                C.  Drilling out the center of the platter with a 2" drill bit.

                D.  Hard drive degausser.

                E.  Other - please specify.
        
                --
                George Toft, CISSP, MSIS
                My IT Department
                www.myITaz.com <http://www.myitaz.com/>
                480-544-1067
        
                Confidential data protection experts for the financial industry.
                _______________________________________________
                Dataloss Mailing List (dataloss () attrition org)
                http://attrition.org/dataloss
                Tracking more than 142 million compromised records in 303 incidents over 6 years.







