Re: HDD Platter Removal

On Thu, 22 Dec 2005, in the Usenet newsgroup alt.computer.security, in article
<d586d$43ab4d23$45493f2f$12681@xxxxxxxxxxx>, Winged wrote:

>Part of the issue here is the value of the data. For the average user
>simply making the drive inoperable or DOD wipe is sufficient.

Agreed

>A DOD wipe is somewhat of a misnomer these days.

DOD 5220.22-M was renamed 'National Industrial Security Program Operating
Manual' (NISPOM) (ISBN 0-16-045560-X) in 1995, and is only _required_ by
contract. If you want to do more than that as part of a contracted service,
see the contracting officer for that contract. Some of them are required to
follow the book, rather than going the "extra mile".

>This is overkill in most cases, but seeing articles on 60 minutes about
>data retrieved on a DOD system usually ends up ruining someones career.

In most cases, there is nothing preventing you from destroying the drive
_after_ wiping the drive and making the contracting officer happy. Do
make sure to have a cast iron audit trail. 8 x 10 color pictures with
the description printed on the back might be a good idea.

>Most large metropolitan areas have companies who do this kind of work.
>I would recommend using a company in the business as it probably would be
>much cheaper, depending on the volume of media, and the sensitivity /
>liability of the data to be destroyed.

The grinders aren't that expensive, but the furnace may require local
licensing (air quality issues) that are a pain in the a$$. Companies
that provide "off-site storage" of backup media will often offer this
service as well.

>Outsourcing sometimes makes good economic sense.

Economies of scale - very much so.

Old guy
.