infosec-news September 2010 archive
Main Archive Page > Month Archives  > infosec-news archives
infosec-news: [ISN] Can you trust your data recovery vendor?

[ISN] Can you trust your data recovery vendor?

From: InfoSec News <alerts_at_nospam>
Date: Tue Sep 07 2010 - 05:25:01 GMT

By Henry Kenyon
Sept 03, 2010

Many government and private-sector organizations consider recovering
data from damaged laptop PC hard drives to be a minor budget item that
third-party vendors can best handle. But a seemingly inexpensive fix
could lead to compromised or stolen data, network breaches and other
security nightmares because organizations typically do not vet data
recovery vendors.

The National Institute of Standards and Technology has issued new
guidelines to resolve that problem, but it will be at least a year
before agencies are required to fully comply with it.

When recovering intellectual property or sensitive documents stored in
damaged equipment, major security problems can arise if agencies or
companies have not paid attention to vetting data recovery vendors,
experts say.

The NIST guidance, which appeared as part of the institute’s Special
Publication 800-34 Rev 1, "Contingency Planning Guide for Federal
Information Systems," represents a small part of the publication that
covers the entire breadth of data recovery procedures for federal
agencies, said Marianne Swanson, NIST’s senior adviser for information
systems security.


Subscribe to InfoSec News -