Re: Data Sanitization

["F.M. Taylor" <fmtaylor () PURDUE EDU>]

Since we have no "top secret" data on the administrative IT servers we do a 
multipass electronic wipe of hardisks.  CD's and DVD's go to the shredder, 
and tapes are despooled into the trash after they start getting errors.

Other departments do in fact use a drive shredder, but that is a contractual 
requirement of the research they are doing. 

I have never seen a degauser fail, but I have seen data recovered from a 
degaused drive.  Not readable unless you know how, but still do-able.

Don't destroy the hardware because it is fun, do it because there is a legal 
requirement to do so, and then comply with that requirement.  Most 
requirement documents define what they deem is "adequately eliminated".

Personally I put my drives in a box and let them die of dust bunny poisoning. 

On Tuesday 07 April 2009, Kamnab Keo formed electrons in this pattern:
> We are trying to get a good feel of what methods other institutions are
> using to sanitize electronic storage devices (Hard disk drives, USB flash
> drives, CD, DVD, tapes).  We are particularly interested if you are using a
> degausser, hard drive bending machine or some other physical destruction
> methods (drilling holes in the disk drive, hammers, drive shredder).
>
>
>
> One of our primary concerns is implementing a sanitizing process so that we
> can verify that data is adequately eliminated.  For example, with a
> degaussing machine we would have to connect the disk drive to a computer in
> order to verify that it is no longer usable after the degaussing process.
> Has anyone experienced a failed degausser?
>
>
>
> Your feedback is greatly appreciated
>
>
>
> Kamnab Keo
> IT Risk Management Analyst
> Virginia Commonwealth University
>
> VCU Information Security -  <http://infosecurity.vcu.edu/>
> http://infosecurity.vcu.edu/
> Information Security News, Tips & More -
> <http://www.twitter.com/vcuinfosec> http://www.twitter.com/vcuinfosec
>
> Don't be a phishing victim - VCU and other reputable organizations will
> never use email to request that you reply with your password, Social
> Security number or confidential personal information. For more details
> visit <http://infosecurity.vcu.edu/phishing.html>
> http://infosecurity.vcu.edu/phishing.html.



-- 
......\\|//........^^^^^........)))((........%%%%%........,,,,,......
......(- -)........(o o)........(- o)........(0-0)........(* *)......     
+--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--+
| F.M. (Mike) Taylor........'Recedite, plebes! Gero rem imperialem!'|
| 'Ecce potestas casei'..............GIAC GSEC & GCFW Certified.....|
| Desk: 765-494-1872.....................C: 765-409-8140............|
+-------------------------------------------------------------------+