On 2012-12-13 06:19, Stephen Mednick wrote:
> I think what is being overlooked in this discussion is what is the
> corporate policy regarding the erasing of disk media.

Unfortunately most "corporate policies" have very little to do with
common sense or physics. As I heard: "this is a matter of security, so
don't look for any logic here!".

> In planning to erase disk media it's important to seek the advice of
> the corporate IT Security advisor or IT auditor and get sign-off as
> to what is the approved methodology for erasing disk media.
> For a government entity there is more than likely to be a much more
> stringent requirement than a straight forward ICKDSF volume erase.

1. ICKDSF (and general tools operating at the MVS level) can be ONE OF
THE METHODS USED. Reformatting the array or special "erase data" features
can be another one.
2. You assumed the array will be disposed of (sold) after the erasure. It
may be the case, but doesn't have to be. Another possibility is to
delete production files before the array is used for tests. There are
many scenarios where data should be deleted (erased), but the array is
not leaving the server room.
When we talk about very secure erasing methods then we should care about
information security at all. What I mean:
* Recovering your data from bad sectors is ineffective. You MAYBE would
get some chunks, a few puzzle pieces from a set of 1000000. Interesting
or not. You will go the easier way. The weakest link.
* You can get complete data as a forgotten copy or backup. There are
plenty of copies, unfortunately not each of them is as well protected as
the original.
* You can download the data, because you have READ access. Data on your
PC are as interesting as the source residing on a very secure DASD array
in a secure server room. Your PC can be synchronized with your laptop, the
laptop can be used at home, stolen, virus affected...
* Bribery, blackmail. Very effective way to get interesting data.
The weakest key. A properly erased array is not as attractive as any of the
above. There is no real reason to strengthen the strong link.
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN