[Dataloss] hard drive destruction

DAIL, ANDY ADAIL at sunocoinc.com
Wed Aug 16 12:09:10 EDT 2006 

Don't forget contractual and cost considerations either.  For instance,
we have computers in over 5,000 gas stations.  When a hard drive goes
out in one of those PC's, our contract with Dell requires us to send in
the old drive in order to receive a new one under warranty.  We could
pay extra and just get a new drive and destroy the old one, but why make
it more expensive?  We ensure the drive is clean, then we ship it to
Austin.  It adds a step, but it is still cheaper than buying new drives
all the time (funny how those $100, 500 GB drives at CompUSA never seem
to make it onto my commercial account ordering lists).

Too many decision makers are led down the most expensive solution to a
problem for the sake of ease, because of paranoia or inexperienced
staff.  The more simple and inexpensive the solution (assuming it is
effective, or adequate compensating controls can be deployed), the more
likely it is to be followed by staff, and the more likely I am to still
be managing the effort next year. :)



Andy Dail
Sunoco PCI Project Manager


	-----Original Message-----
	From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of blitz
	Sent: Wednesday, August 16, 2006 10:58 AM
	To: George Toft
	Cc: dataloss at attrition.org
	Subject: Re: [Dataloss] hard drive destruction


	Generally, Im for recycling drives as much as possible, for not
too many have the resources to access an electron microscope needed to
see anything left over after a DOD approved wipe and rewrite scheme.
	If it were National security, incineration is the only way, as
you'd be dealing with entities with the time and money. PII theft is
usually a crime of opportunity.
	A DOD 5200.28 wipe should suffice.


	At 09:32 8/16/2006, you wrote:


		Just wondering what the group feels is an adequate level
of destruction
		for a hard drive that contains personal financial
information . . .
	
		A. Using software to wipe the drive to DOD 5200.28 spec.
	
		B.  Cutting the platters in half (great big saw that
essentially chops
		the drive into two pieces).
	
		C.  Drilling out the center of the platter with a 2"
drill bit.
	
		D.  Hard drive degausser.
	
		E.  Other - please specify.
	
		--
		George Toft, CISSP, MSIS
		My IT Department
		www.myITaz.com <http://www.myitaz.com/>
		480-544-1067
	
		Confidential data protection experts for the financial
industry.
		_______________________________________________
		Dataloss Mailing List (dataloss at attrition.org)
		http://attrition.org/dataloss
		Tracking more than 142 million compromised records in
303 incidents over 6 years.


	--
	This message has been scanned for viruses and
	dangerous content by MailScanner <http://www.mailscanner.info/>
, and is
	believed to be clean.



This message and any files transmitted with it is intended solely for the designated recipient and may contain privileged, proprietary or otherwise private information. Unauthorized use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. If you have received it in error, please notify the sender immediately and delete the original and any attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20060816/08d7e29b/attachment.html

More information about the Dataloss mailing list