[ISN] Can you trust your data recovery vendor?

From: InfoSec News <alerts_at_private>
Date: Tue, 7 Sep 2010 00:25:01 -0500 (CDT)
http://gcn.com/articles/2010/09/06/data-recovery-vetting.aspx

By Henry Kenyon
GCN.com
Sept 03, 2010

Many government and private-sector organizations consider recovering 
data from damaged laptop PC hard drives to be a minor budget item that 
third-party vendors can best handle. But a seemingly inexpensive fix 
could lead to compromised or stolen data, network breaches and other 
security nightmares because organizations typically do not vet data 
recovery vendors.

The National Institute of Standards and Technology has issued new 
guidelines to resolve that problem, but it will be at least a year 
before agencies are required to fully comply with it.

When recovering intellectual property or sensitive documents stored in 
damaged equipment, major security problems can arise if agencies or 
companies have not paid attention to vetting data recovery vendors, 
experts say.

The NIST guidance, which appeared as part of the institute’s Special 
Publication 800-34 Rev 1, "Contingency Planning Guide for Federal 
Information Systems," represents a small part of the publication that 
covers the entire breadth of data recovery procedures for federal 
agencies, said Marianne Swanson, NIST’s senior adviser for information 
systems security.

[...]


_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Received on Mon Sep 06 2010 - 22:25:01 PDT

This archive was generated by hypermail 2.2.0 : Mon Sep 06 2010 - 22:32:15 PDT