BreachExchange mailing list archives
OH: City's computer disposal might pose data-theft risks
From: security curmudgeon <jericho () attrition org>
Date: Wed, 4 May 2011 01:03:41 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.dispatch.com/live/content/local_news/stories/2011/05/02/computer-disposal-might-pose-risks.html?sid=101 By Doug Caruso THE COLUMBUS DISPATCH May 2, 2011 Columbus could be placing sensitive data in danger of theft when it retires old computers, a security expert warned. The city's Department of Technology receives guarantees from its computer-disposal vendor that hard drives and other data-containing computer parts have been destroyed. But city technicians keep no record of what they have taken out of service and sent for destruction, The Dispatch learned through a public-records request. That makes it difficult to ensure that all the retired equipment has been disposed of properly, said Gene Spafford, a Purdue University professor who is executive director of the school's Center for Education and Research in Information Assurance and Security. "If they don't have positive tracking between tracking what's in the system and tracking what's being disposed of with one-to-one matches of serial numbers, it's possible for someone to steal the equipment without anybody knowing about it," Spafford said. The city government, which handles income-tax records and medical records, among other sensitive data, has never lost any of it, said Gary Cavin, the city's technology director. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- OH: City's computer disposal might pose data-theft risks security curmudgeon (May 04)