(ISC)² Links

CATEGORIES

Archives

More...

(ISC)² Twitter Updates

  • (ISC)² Twitter Updates

    About the
    (ISC)² Blog

    • (ISC)² believes in the importance of open dialogue and collaboration, between both (ISC)², its certified members and members of business and society.

      (ISC)² established this blog to provide a voice to its certified members, who have significant knowledge and valuable insights to share that can benefit the information security industry, the people in it and the public at large.

      The postings on this site are the author's own and don't necessarily represent
      (ISC)²'s positions, strategies or opinions. (ISC)² does not control, monitor, or endorse any links provided in this blog and makes no warranty or statement regarding the content on any linked website.

      Those who post comments to blogs should ensure their comments are focused on the topic at hand. (ISC)² reserves the right to remove any post or comment from this site.

      Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org.

      Please click here for FAQs.

      Please click here for the Blog guidelines.

    Enter your email address:

    Delivered by FeedBurner

    « Presenting risk | Main | Spellcheckers creating disaster »

    19 March 2009

    Secure data erasure

    For all the trouble we have to take to protect, backup, and maintain our data, when we want to get rid of it, it turns out to be remarkably difficult.  Do we delete  Overwriting delete?  Overwrite 40 times?  Overwrite 40 times including all the slack space?  Degauss?  Get out the thermite?

    This site presents a faster and easier option.  There is software, and also a paper (possibly self-serving ...) explaining the option, and why it is very often good enough.

    Posted by Rob Slade on 19 March 2009 in Confidentiality, Digital Forensics, Events, IT Security, Legal, Operations Security, Privacy, Risk, Slade, Training |

    TrackBack

    TrackBack URL for this entry:
    http://www.typepad.com/services/trackback/6a00e54f109b6788340112797e491528a4

    Listed below are links to weblogs that reference Secure data erasure:

    Comments

    How exactly does this set itself apart from tools like DBAN or just encrypting your HDD with TrueCrypt and a random key that you forget?
    It's probably not the ease of use since you have to create a bootable disk (most users have no clue about this).
    Time? Unknown, since there's no information about the algorithm used, only a vague reference to the ATA T13 committee.
    Security? Doubtable. To quote Peter Gutmann "A good scrubbing with random data will do about as well as can be expected", and a disc encrypted with AES and Twofish will probably die from mechanical failure before it's brute-force decrypted.Portability? Most certainly not. The tool presented requires a MS-DOS compatible environment to run, which pretty much limits it to x86 compatible hardware, and by using ATA commands to clean the disk it limits itself even further. DBAN is currently being ported to Apples PowerPCs, and doesn't care if the disc is (S)ATA, SAS/SCSI, or something else.

    Posted by: Peter L. | 20 March 2009 at 03:19

    Hello.

    I too was enthusiastic about this technology when I first heard about it: http://hype-free.blogspot.com/2009/03/secure-erase.html

    However a commenter, who seemed very knowledgeable, pointed out several drawbacks, which you can read about in the comments sections of the above blogpost.

    Regards.

    Posted by: Cd-MaN | 20 March 2009 at 11:04

    The comments to this entry are closed.

    The (ISC)² bloggers

    • Tipton W. Hord Tipton, CISSP-ISSEP, CAP, (ISC)² Executive Director
      Schmidt Prof. Howard A. Schmidt, CISSP, CISM (Hon.)
      Sarah E. Bohne, Director of Communications & Member Services

    Recent Contributors

    Past Contributors