<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1555" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=989370116-16082006>Don't
forget contractual and cost considerations either. For instance, we
have computers in over 5,000 gas stations. When a hard drive goes out
in one of those PC's, our contract with Dell requires us to send in the old
drive in order to receive a new one under warranty. We could pay extra and
just get a new drive and destroy the old one, but why make it more
expensive? We ensure the drive is clean, then we ship it to Austin.
It adds a step, but it is still cheaper than buying new drives all the time
(funny how those $100, 500 GB drives at CompUSA never seem to make it onto my
commercial account ordering lists).</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=989370116-16082006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=989370116-16082006>Too
many decision makers are led down the most expensive solution to a problem for
the sake of ease, because of paranoia or inexperienced staff. The more
simple and inexpensive the solution (assuming it is effective, or adequate
compensating controls can be deployed), the more likely it is to be followed by
staff, and the more likely I am to still be managing the effort next year.
:)</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> </DIV><!-- Converted from text/rtf format -->
<P><SPAN lang=en-us><FONT face=Arial size=2>Andy Dail</FONT></SPAN> <BR><SPAN
lang=en-us><FONT face=Arial size=2>Sunoco</FONT> <FONT face=Arial size=2>PCI
Project Manager</FONT></SPAN> <BR> </P>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B>
dataloss-bounces@attrition.org [mailto:dataloss-bounces@attrition.org] <B>On
Behalf Of </B>blitz<BR><B>Sent:</B> Wednesday, August 16, 2006 10:58
AM<BR><B>To:</B> George Toft<BR><B>Cc:</B>
dataloss@attrition.org<BR><B>Subject:</B> Re: [Dataloss] hard drive
destruction<BR><BR></FONT></DIV><FONT size=3>Generally, Im for recycling
drives as much as possible, for not too many have the resources to access an
electron microscope needed to see anything left over after a DOD approved wipe
and rewrite scheme.<BR>If it were National security, incineration is the only
way, as you'd be dealing with entities with the time and money. PII theft is
usually a crime of opportunity.<BR>A DOD 5200.28 wipe should
suffice.<BR><BR><BR>At 09:32 8/16/2006, you wrote:<BR>
<BLOCKQUOTE class=cite cite="" type="cite">Just wondering what the group
feels is an adequate level of destruction <BR>for a hard drive that contains
personal financial information . . .<BR><BR>A. Using software to wipe the
drive to DOD 5200.28 spec.<BR><BR>B. Cutting the platters in half
(great big saw that essentially chops <BR>the drive into two
pieces).<BR><BR>C. Drilling out the center of the platter with a 2"
drill bit.<BR><BR>D. Hard drive degausser.<BR><BR>E. Other -
please specify.<BR><BR>-- <BR>George Toft, CISSP, MSIS<BR>My IT
Department<BR><A
href="http://www.myitaz.com/">www.myITaz.com</A><BR>480-544-1067<BR><BR>Confidential
data protection experts for the financial
industry.<BR>_______________________________________________<BR>Dataloss
Mailing List (dataloss@attrition.org)<BR><A
href="http://attrition.org/dataloss">http://attrition.org/dataloss</A><BR>Tracking
more than 142 million compromised records in 303 incidents over 6
years.</FONT></BLOCKQUOTE><BR>-- <BR>This message has been scanned for viruses
and <BR>dangerous content by <A
href="http://www.mailscanner.info/"><B>MailScanner</B></A>, and is
<BR>believed to be clean. </BLOCKQUOTE></BODY></HTML>
<table><tr><td bgcolor=#ffffff><font color=#000000>This message and any files transmitted with it is intended solely for the designated recipient and may contain privileged, proprietary or otherwise private information. Unauthorized use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. If you have received it in error, please notify the sender immediately and delete the original and any attachments.<br>
</font></td></tr></table>