Educause Security Discussion mailing list archives

Re: HD destruction
From: John Bullock <John.Bullock () DAL CA>
Date: Thu, 15 Mar 2007 10:57:02 -0300

Like everything else you have to weigh the risk.  It is 'very difficult' to
recover data from scrubbed discs.  We are developing a standard that will
probably have three levels depending on the data sensitivity and will go
something like this:

LEVEL 1 (minimum)
DoD Short (option 3 in DBAN**)
- based on the American Department of Defense Standard 5220-22.M. It makes
three of the seven passes recommended under the standard.

LEVEL 2 (More sensitive data)
DoD 5220-22.M (option 4 in DBAN)
- it makes all seven DoD recommended passes across each hard drive.

LEVEL 3 (Most sensitive data)
Destruction of hard drive
- requires documentation commensurate with the retention of the serial
numbered hubs from each drive for audit purposes

** http://dban.sourceforge.net/

I expect all our scrubbing will be done in-house.  For that matter our
destruction will be in-house for now.  The last time I checked for us to
have the drives destroyed by a reputable outside organization meant shipping
the drives over 1000km (500mi) which presents some additional risk.

For scrubbing, whether in-house or outside, I believe that the single
greatest risk is missing a drive.  Unfortunately they look exactly the same
whether scrubbed or not.  A rigorous procedure, including documentation,
will be key.

Cheers,

John Bullock
Information Security Manager
Dalhousie University

-----Original Message-----
From: Ray Bruder [mailto:bruder () DUQ EDU]
Sent: 2007 March 15 10:23
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] HD destruction

    We currently use an outside vendor to destroy our hard drives and
receive a document of certification this work has been completed.    Does
anyone simply have the HD's scrubbed and receive a certified doc and feel
this is sufficient?  I was led to believe in the past that you can still
recover data from scrubbed drives.



Thank you,

***************************************
** Ray Bruder
** Manager, Computer Operations
** Duquesne University
** CTS, Rockwell Hall
** Pittsburgh, PA 15282
** Work: (412)396-5775
** Fax   : (412)396-5144
***************************************
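
The following is an added example, not part of either message above. It sketches the documentation check for the "missing a drive" risk by reconciling an inventory of retired drives (each with the required level from the three-level scheme) against sanitization records. The method labels, record fields and serial numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Rank of each sanitization method, following the three levels in the message.
# The method labels are hypothetical names chosen for this example.
METHOD_RANK = {"dod_short": 1, "dod_5220_22m": 2, "destroyed": 3}


@dataclass(frozen=True)
class WipeRecord:
    serial: str
    method: str
    verified: bool  # operator confirmed the pass or destruction completed


def norm(serial: str) -> str:
    """Normalize case and whitespace so hand-typed serials still match."""
    return serial.strip().upper()


def reconcile(inventory: dict, records: list) -> dict:
    """Compare retired drives (serial -> required level) with wipe records."""
    required = {norm(s): level for s, level in inventory.items()}
    achieved, seen, unknown = {}, set(), set()
    for rec in records:
        serial = norm(rec.serial)
        if serial not in required:
            unknown.add(serial)  # typo or a drive that was never inventoried
            continue
        seen.add(serial)
        rank = METHOD_RANK.get(rec.method, 0) if rec.verified else 0
        achieved[serial] = max(achieved.get(serial, 0), rank)
    return {
        "missing": sorted(s for s in required if s not in seen),
        "insufficient": sorted(s for s in seen if achieved[s] < required[s]),
        "unknown": sorted(unknown),
    }


# Constructed sample data: five retired drives and the log for one batch.
INVENTORY = {"WD-0001": 1, "WD-0002": 2, "ST-0003": 3, "ST-0004": 1, "HT-0005": 2}
RECORDS = [
    WipeRecord("wd-0001 ", "dod_short", True),
    WipeRecord("WD-0002", "dod_short", True),      # level 2 needs the full wipe
    WipeRecord("ST-0003", "destroyed", True),
    WipeRecord("HT-0005", "dod_5220_22m", False),  # wipe never verified
    WipeRecord("ST-0040", "dod_short", True),      # not in inventory
]

if __name__ == "__main__":
    for finding, serials in reconcile(INVENTORY, RECORDS).items():
        print(f"{finding}: {serials}")
```

A record whose serial is not in the inventory is reported separately rather than dropped, since a mistyped serial usually means some inventoried drive is also unaccounted for.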
