Re: Why organisations destroy storage media they c...

Caute_cautim · ‎10-06-2022

Hi All

A very interesting piece, on why organisations destroy storage media, whereas they could reuse it?

Some of us, who been in the game, realise there are means and ways of restoring data, even after wiping, and pattern writes etc, to many levels down.

https://www.ft.com/content/31185370-87f3-4ecb-b64d-341bbc4e5c22?shareType=nongift

"The UK’s Department for Education, Department for Work and Pensions, Police Scotland and Police Service Northern Ireland told the FT that they shred all decommissioned data-storing devices. Northern Ireland’s force says it has shredded 30,000 pieces of equipment including servers and hard drives over the past two years."

Regards

Caute_Cautim

Steve-Wilme · ‎10-07-2022

It could be that compliance frameworks require physical destruction of media and that they may not be able to get alternative approaches past their accreditor. It used to be that IAS No.5 was mandated.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS

grut · ‎10-07-2022

Hi,

Simpel explanation :

simple fail safe proces. {We destroy / schred all media and confidential media is pre wiped. if wipe fails then the shredder will destroy everything 😁 }
Price / time of labor for wipe, test and reuse storage media. <- Not fail safe !
focus on confidentiality eg Bell–LaPadula security model "write up, read down" (WURD)
Price of metals

2 is costly, 3 gives organisational headache & not fail safe.

1 is the winner and 4 is at the moment nice. ( schredd and sell is cheaper than trade-in / re-use)

Why organisations destroy storage media they could reuse