[ISN] City's computer disposal might pose data-theft risks

From: InfoSec News <alerts_at_private>
Date: Wed, 4 May 2011 00:41:14 -0500 (CDT)

By Doug Caruso
May 2, 2011 

Columbus could be placing sensitive data in danger of theft when it 
retires old computers, a security expert warned.

The city's Department of Technology receives guarantees from its 
computer-disposal vendor that hard drives and other data-containing 
computer parts have been destroyed. But city technicians keep no record 
of what they have taken out of service and sent for destruction, The 
Dispatch learned through a public-records request.

That makes it difficult to ensure that all the retired equipment has 
been disposed of properly, said Gene Spafford, a Purdue University 
professor who is executive director of the school's Center for Education 
and Research in Information Assurance and Security.

"If they don't have positive tracking between tracking what's in the 
system and tracking what's being disposed of with one-to-one matches of 
serial numbers, it's possible for someone to steal the equipment without 
anybody knowing about it," Spafford said.

The city government, which handles income-tax records and medical 
records, among other sensitive data, has never lost any of it, said Gary 
Cavin, the city's technology director.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Tue May 03 2011 - 22:41:14 PDT

This archive was generated by hypermail 2.2.0 : Tue May 03 2011 - 22:47:37 PDT