http://gcn.com/articles/2010/09/06/data-recovery-vetting.aspx By Henry Kenyon GCN.com Sept 03, 2010 Many government and private-sector organizations consider recovering data from damaged laptop PC hard drives to be a minor budget item that third-party vendors can best handle. But a seemingly inexpensive fix could lead to compromised or stolen data, network breaches and other security nightmares because organizations typically do not vet data recovery vendors. The National Institute of Standards and Technology has issued new guidelines to resolve that problem, but it will be at least a year before agencies are required to fully comply with it. When recovering intellectual property or sensitive documents stored in damaged equipment, major security problems can arise if agencies or companies have not paid attention to vetting data recovery vendors, experts say. The NIST guidance, which appeared as part of the institute’s Special Publication 800-34 Rev 1, "Contingency Planning Guide for Federal Information Systems," represents a small part of the publication that covers the entire breadth of data recovery procedures for federal agencies, said Marianne Swanson, NIST’s senior adviser for information systems security. [...] _______________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Mon Sep 06 2010 - 22:25:01 PDT
This archive was generated by hypermail 2.2.0 : Mon Sep 06 2010 - 22:32:15 PDT