Educause Security Discussion mailing list archives
Re: Data Sanitization
From: "Spransy, Derek" <DSPRANS () EMORY EDU>
Date: Tue, 7 Apr 2009 15:13:15 -0400
We have a policy in place stating how to properly sanitize various types of media. For hard drives we mostly use DBAN. CDs and floppies get shredded. Phones are wiped using their built-in mechanisms, or they're destroyed. For hard drives that have died or have an uncommon I/O interface that we can't connect to anything, our electronics coordinator in the chemistry department developed the "Hard Drive Assassin" - a converted 25 ton press. You can see videos of it at work here (great stress reliever!): http://www.youtube.com/watch?v=vtBfhb_24MA http://www.youtube.com/watch?v=jzJ0mdlDKxg =========================== Derek Spransy IT Security Lead Emory College of Arts & Sciences derek.spransy () emory edu 404-712-8798 =========================== From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kamnab Keo Sent: Tuesday, April 07, 2009 2:42 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Data Sanitization We are trying to get a good feel of what methods other institutions are using to sanitize electronic storage devices (Hard disk drives, USB flash drives, CD, DVD, tapes). We are particularly interested if you are using a degausser, hard drive bending machine or some other physical destruction methods (drilling holes in the disk drive, hammers, drive shredder). One of our primary concerns is implementing a sanitizing process so that we can verify that data is adequately eliminated. For example, with a degaussing machine we would have to connect the disk drive to a computer in order to verify that it is no longer usable after the degaussing process. Has anyone experienced a failed degausser? Your feedback is greatly appreciated Kamnab Keo IT Risk Management Analyst Virginia Commonwealth University VCU Information Security - http://infosecurity.vcu.edu/ Information Security News, Tips & More - http://www.twitter.com/vcuinfosec Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html. ________________________________ This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments).
Current thread:
- Data Sanitization Kamnab Keo (Apr 07)
- <Possible follow-ups>
- Re: Data Sanitization Stanclift, Michael (Apr 07)
- Re: Data Sanitization Chris Green (Apr 07)
- Re: Data Sanitization F.M. Taylor (Apr 07)
- Re: Data Sanitization Spransy, Derek (Apr 07)
- Re: Data Sanitization Jason Testart (Apr 07)
- Re: Data Sanitization Stanclift, Michael (Apr 07)
- Re: Data Sanitization Dexter Caldwell (Apr 07)
- Re: Data Sanitization Ray Bruder (Apr 07)
- Re: Data Sanitization Wayne Samardzich (Apr 07)
- Re: Data Sanitization Ray Bruder (Apr 07)
- Re: Data Sanitization Cal Frye (Apr 07)
- Re: Data Sanitization Dexter Caldwell (Apr 08)
- Re: Data Sanitization Clifford Collins (Apr 09)
- Re: Data Sanitization Marty Hoag (Apr 09)
(Thread continues...)