Educause Security Discussion mailing list archives
Re: Quick Survey: How do you "dispose" of outbound hard drives??
From: "Perry, Jeff" <perry () KU EDU>
Date: Thu, 30 Sep 2010 09:22:14 -0500
We do the same secure dropoff method or our ewaste staff will pick them up and sign for them. This allows us a lot better control over the process (and better instruction following). We've sampled disks in our forensic lab and have yet to find one that the 10k gauss (multipass) degausser didn't cook but you are absolutely correct, the smaller degaussers (especially the ones where you slide it over a magnet or run it through a little tunnel etc) aren't sufficient for the newer high coercivity disks and tape media (like lto4 etc). Our biggest issue w/ degaussers is making sure the amount of ferrous material attached to the drive is minimized. If you've ever seen a 400lb degausser jump, it's a frightening thing. Good word to the wise though. J -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Green Sent: Wednesday, September 29, 2010 4:29 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Quick Survey: How do you "dispose" of outbound hard drives?? Degaussing used to be our standard disposal method for Equipment Accounting. We found, even when properly performing the degauss per vendor instructions, that it was often possible to read data and it was too easy to not follow the instructions. One solution was to buy a better destruction tool but it was easier to give everyone a place to dump them and we ferry them to an 50hp industrial shredder on campus that we already had to destroy other types of waste. It's not the DOD "fine mesh" but chipped HDs seemed reasonable. http://main.uab.edu/Sites/it/faqs/57722/ http://main.uab.edu/Sites/it/documents/80781.pdf -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Perry, Jeff Sent: Wednesday, September 29, 2010 3:20 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Quick Survey: How do you "dispose" of outbound hard drives?? Good points all around (re: dod vs EDU).
Michael wrote: " higher ed typically doesn't play in the "blinding
white flash" arena, so I'd recommend AGAINST trying to apply those rules in this environment." This is indeed why we stuck to degaussing as our "nuclear option" and didn't go with a degauss+physical shredder policy (and the noise and cost and mess associated with it). The method that each division/school must use on our campus is stipulated in our data classification policy. We have a matrix that basically says "if the system is rated Category 1 and is moving to another Category 1 use internally do XYZ. " If it's moving down (cat 1 -> 2) internally do 123" "If it's leaving us entirely do ABC".
Current thread:
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Perry, Jeff (Sep 28)
- <Possible follow-ups>
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Eric Jernigan (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Valdis Kletnieks (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Eric Jernigan (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Eric Jernigan (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Perry, Jeff (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? SCHALIP, MICHAEL (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Anthony Maszeroski (Sep 30)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Chris Green (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? SCHALIP, MICHAEL (Sep 29)
- Re: Quick Survey: How do you "dispose" of outbound hard drives?? Perry, Jeff (Sep 30)