[ISN] DOD repurposed IT equipment without scrubbing sensitive info, audit reveals

From: InfoSec News <alerts_at_private>
Date: Thu, 24 Sep 2009 00:18:56 -0500 (CDT)
http://fcw.com/articles/2009/09/23/inspector-general-audit.aspx

By Amber Corrin
FCW.com
Sept 23, 2009

Some Defense Department organizations haven't scrubbed data from 
information technology equipment before disposing of the hardware, 
resulting in the possible release of information that could be used for 
identity theft, or releasing other sensitive DOD information, according 
to an Inspector General audit.

An investigation by DOD's IG also found that one organization had lost 
track of one unclassified computer entirely, the report said. The IG 
released the report Sept. 21.

Also failing to meet guidelines was the Defense Reutilization and 
Marking Service, the destination for much of the excess IT equipment in 
question. DRMS processing centers are charged with ensuring proper 
sanitization before the equipment is released for reuse by other 
government agencies and non-governmental organizations.

The audit showed that several DOD organizations did not follow disposal 
policies, did not properly train personnel or did not develop and 
implement on-site procedures for the authorized release of IT equipment. 
Unaccounted-for equipment and hard drives with leftover readable 
information, including data such as Social Security numbers and e-mail 
folders, comprised most of the instances of noncompliance.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Wed Sep 23 2009 - 22:18:56 PDT

This archive was generated by hypermail 2.2.0 : Wed Sep 23 2009 - 22:29:36 PDT