Educause Security Discussion mailing list archives
Re: Quick Survey: How do you "dispose" of outbound hard drives??
From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Wed, 29 Sep 2010 11:45:03 -0500
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks Sent: Wednesday, September 29, 2010 10:56 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Quick Survey: How do you "dispose" of outbound hard drives?? On Wed, 29 Sep 2010 09:32:40 MDT, "SCHALIP, MICHAEL" said:ng white flash" arena, so I'd recommend AGAINST trying to apply thoserulesin this environment.My point was that the vast majority of what higher ed considers sensitive data isn't (in the greater scheme of things) any more sensitive than the "Sensitive But Unclassified" category on the DoD side, so trying any harder than that isn't worth the effort.
You are comparing DoD classification schemes with education and having different needs they will necessarily classify things differently. I originally wrote a lot more, but the short of it is that what is sensitive and how depends on who is asking who. The world of DoD is *far* different than education and it isn't necessarily a matter of greater vs lesser, it is just very, very different. The relevance of an institution's data to national security is largely irrelevant, what matters in the end is the financial risk and from there determining fiscally appropriate mitigations. It doesn't matter how DoD would rate it: different field, different concerns. When it comes to preventing data from being recovered from surplussed hardware I'm of the camp "single overwrite is good enough". I find ATA secure erase interesting because it has potentially less overhead than DBAN (it appears faster allowing higher throughput of drives if that is a concern) and better reliability (vs procedures in place to ensure that interrupted wipes are actually completed). It has caveats, however, that prevent it from being a drop-in replacement for DBAN. Ultimately, each institution has to determine for themselves what their mitigation strategy will be. Some may have external requirements preventing physical destruction, others may find that easier and cheaper due to particulars. Some may wipe with one tool, others with another. As long as they understand the capabilities and risks of their method, all is well. (I may still have a hard drive from a certain department of transportation that had been "wiped" by installing DOS on the drive and then sold -- the "wipe" had no real impact on the NTFS file system.) Tim Doty
Attachment:
smime.p7s
Description:
Current thread:
- Re: Active Domain Architecture in an Academic Environment, (continued)
- Re: Active Domain Architecture in an Academic Environment SCHALIP, MICHAEL (Sep 28)
- Re: Quick Survey: How do you "dispose" of outbound harddrives?? Basgen, Brian (Sep 28)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? David Auclair (Sep 28)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Himes, Daniel Jay (Sep 28)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Solem, Vik P. (Sep 28)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Doty, Timothy T. (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Doty, Timothy T. (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? SCHALIP, MICHAEL (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Valdis Kletnieks (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? John Ladwig (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Doty, Timothy T. (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Ray Bruder (Sep 27)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Consolvo, Corbett D (Sep 27)