Re: Data Sanitization

[James Farr '05' <jfarr () UTICA EDU>]

The locked bin is a good solution as long as it is protected.  1 minute on
YouTube will tell you how to pick just about any type of lock.


We set up an old machine that's only purpose is to wipe drives using a
bootable cd  <http://www.dban.org/> Darik's Boot And Nuke.    We use an
outside company for tapes and other media who certify that the data has been
destroyed and disposed of in an eco friendly manner, when possible.




IITS will never ask you for your password unsolicited.  Do not share your
password with others.



James Farr

Information Security Officer

Instructional Technologist

Utica College

jfarr () utica edu

315-223-2386



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Allison Dolan
Sent: Thursday, April 16, 2009 9:47 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Data Sanitization



Some of the bigger shredding service companies with offsite shredding
services (e.g. Cintas) will take hard drives in the same locked bins as
paper, CDs, DVDs etc (whatever will fit in the slot).  That can certainly
make things easier for the end user ('put anything sensitive in the box')
and the shredding process mixes your stuff with many others.  As with
everything there are tradeoffs - the security of the locked collection bin
as well as the security of materials as they are being carted off to the
shredding facility.



Allison F. Dolan

Program Director, Personally Identifiable Information

Massachusetts Institute of Technology

77 Massachusetts Ave  NE49-3021

Cambridge MA 02139-4307

Phone: (617) 252-1461

http://mit.edu/infoprotect







On Apr 9, 2009, at 11:41 AM, Clifford Collins wrote:





The company that handles our paper shredding also shreds our hard drives. We
have a separate, locked bin that they go in until the truck shows up. Just
like the paper shredding they do on site, they shred the drives into metal
filings on site. It has to be a different truck from the one for paper
shredding because of the magnetic materials that adhere to the cutters that
have to be cleaned off, degaussed, and sharpened regularly. FYI, the company
is Shred-it (http://www.shredit.com/).

Clifford A. Collins
Information Security Officer
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"

----- Original Message -----
From: "Kamnab Keo" <kkeo () VCU EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Tuesday, April 7, 2009 2:41:36 PM GMT -05:00 US/Canada Eastern
Subject: [SECURITY] Data Sanitization

We are trying to get a good feel of what methods other institutions are
using to sanitize electronic storage devices (Hard disk drives, USB flash
drives, CD, DVD, tapes).  We are particularly interested if you are using a
degausser, hard drive bending machine or some other physical destruction
methods (drilling holes in the disk drive, hammers, drive shredder).



One of our primary concerns is implementing a sanitizing process so that we
can verify that data is adequately eliminated.  For example, with a
degaussing machine we would have to connect the disk drive to a computer in
order to verify that it is no longer usable after the degaussing process.
Has anyone experienced a failed degausser?



Your feedback is greatly appreciated



Kamnab Keo
IT Risk Management Analyst
Virginia Commonwealth University

VCU Information Security - http://infosecurity.vcu.edu/
Information Security News, Tips & More - http://www.twitter.com/vcuinfosec

Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, Social
Security number or confidential personal information. For more details visit
http://infosecurity.vcu.edu/phishing.html.