BreachExchange mailing list archives
Re: hard drive destruction
From: "DAIL, ANDY" <ADAIL () sunocoinc com>
Date: Wed, 16 Aug 2006 14:45:40 -0400
Very excellent points.

This whole security and accountability issue adds a new level of complexity to outsourcing and offshoring IT capabilities. Data breaches aside, when SoX moves from 404 to 409, I cannot help but wonder how some business entities will demonstrate compliance, when all of their physical data handling occurs outside of their physical control. It is deceptively easy to comply with security requirements on paper.

Of course, the Information Security ISO 17799 and ISO 27001 will add additional levels of complexity. The combination of executive accountability (in terms of actually going to jail) for financial data, and the vulnerability of personal data (often stored on the same systems) will make the next 5 years.... Interesting.

Andy Dail
Sunoco PCI Project Manager

-----Original Message-----
From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Al Mac
Sent: Wednesday, August 16, 2006 12:53 PM
To: dataloss () attrition org
Subject: Re: [Dataloss] hard drive destruction

I agree that it is best to have professionals do the obliteration, because most businesses do not have personnel with relevant skills and check lists to take care of all computers they are done with.

However, there needs to be certification that the professionals actually do what they contracted to do.

There have been breaches where some computer trade-in place was supposed to wipe the disk on the old system, then the used market gets the confidential data not erased. The computer trade-in place had dropped the ball.

This also applies to passing old company computers to employees, or sales direct to other companies who accept hand-me-down equipment. There have been breaches in that area also.

Al Mac

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 142 million compromised records in 303 incidents over 6 years.