Title :
Disposal of Disk and Tape Data by Secure Sanitization
Author :
Hughes, Gordon F. ; Coughlin, Tom ; Commins, Daniel M.
Author_Institution :
Center for Magn. Recording Res., Univ. of California, San Diego, CA, USA
Abstract :
User data is often unprotected on disk and tape drives or not erased when no longer needed, creating data security vulnerabilities that many computer users are unaware of. Federal and state laws require data sanitization, which comprises a variety of data eradication methods. Secure sanitization refers to methods meeting those federal and state laws. Companies that fail to meet these laws can be subject to fines of $5 million, and individuals can be imprisoned for up to 10 years. Physical destruction of storage devices offers the highest security. But executing the disk drive internal secure-erase command also offers a higher security level than external-block-overwrite software, according to federal guideline NIST 800-88. Recent disk drives with internal full disk encryption now implement an enhanced secure-erase command that takes only milliseconds to complete.
Keywords :
disc drives; law; security of data; data eradication method; data sanitization; data security; disk drive internal secure-erase command; disk drives; disk encryption; external-block-overwrite software; federal guideline NIST 800-88; tape drives; Cryptography; Data privacy; Data security; Disk recording; Drives; File systems; Linux; NIST; Open source software; World Wide Web; ANSI; FIPS 140; NIST 800-88; Trusted Computing Group; data encryption; data sanitization; degaussing; enhanced secure erase; information resource management; legal; mass storage; secure erase; security and privacy protection; storage management;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2009.89
