Educause Security Discussion mailing list archives

Re: Data Sanitization

From: Marty Hoag <marty.hoag () NDSU EDU>
Date: Thu, 9 Apr 2009 11:02:57 -0500

  Is anyone incinerating their hard drives? Some of the local
vendors do that using industrial (e.g., medical waste)
incinerators. I see it is listed as one method in an NSA
document.   marty

Clifford Collins wrote:

The company that handles our paper shredding also shreds our hard
drives. We have a separate, locked bin that they go in until the truck
shows up. Just like the paper shredding they do on site, they shred the
drives into metal filings on site. It has to be a different truck from
the one for paper shredding because of the magnetic materials that
adhere to the cutters that have to be cleaned off, degaussed, and
sharpened regularly. FYI, the company is Shred-it (http://www.shredit.com/).

Clifford A. Collins
Information Security Officer
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"

----- Original Message -----
From: "Kamnab Keo" <kkeo () VCU EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Tuesday, April 7, 2009 2:41:36 PM GMT -05:00 US/Canada Eastern
Subject: [SECURITY] Data Sanitization

We are trying to get a good feel of what methods other institutions are
using to sanitize electronic storage devices (Hard disk drives, USB
flash drives, CD, DVD, tapes).  We are particularly interested if you
are using a degausser, hard drive bending machine or some other physical
destruction methods (drilling holes in the disk drive, hammers, drive
shredder).



One of our primary concerns is implementing a sanitizing process so that
we can verify that data is adequately eliminated.  For example, with a
degaussing machine we would have to connect the disk drive to a computer
in order to verify that it is no longer usable after the degaussing
process.  Has anyone experienced a failed degausser?



Your feedback is greatly appreciated



Kamnab Keo
IT Risk Management Analyst
Virginia Commonwealth University

VCU Information Security - http://infosecurity.vcu.edu/
Information Security News, Tips & More - http://www.twitter.com/vcuinfosec

Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, Social
Security number or confidential personal information. For more details
visit http://infosecurity.vcu.edu/phishing.html.

Current thread:

Re: Data Sanitization, (continued)
- Re: Data Sanitization Spransy, Derek (Apr 07)
- Re: Data Sanitization Jason Testart (Apr 07)
- Re: Data Sanitization Stanclift, Michael (Apr 07)
- Re: Data Sanitization Dexter Caldwell (Apr 07)
- Re: Data Sanitization Ray Bruder (Apr 07)
- Re: Data Sanitization Wayne Samardzich (Apr 07)
- Re: Data Sanitization Ray Bruder (Apr 07)
- Re: Data Sanitization Cal Frye (Apr 07)
- Re: Data Sanitization Dexter Caldwell (Apr 08)
- Re: Data Sanitization Clifford Collins (Apr 09)
- Re: Data Sanitization Marty Hoag (Apr 09)
- Re: Data Sanitization Allison Dolan (Apr 16)
- Re: Data Sanitization James Farr '05' (Apr 16)