SpotTheCat wrote: USB drives should be banned at all sensitive locations. Case in point: Stuxnet.
Not at all disagreeing with you, as I agree.
That said, my office isn't handling data that requires the BFG9000 approach to data security. I'm also pointing out the absurdity of the BFG9000 approach without closing the gaping gaps in security like thumbdrives or disc burners.
This is how this little absurdity play went down. The IT boffins (universally known as Itchy & Scratchy) said that we had too much data on the network drive and we needed to delete some of it as it was bogging down their nightly backup. The offensive data was PDF files we received in our regulatory examination process (i.e. PDF copies of mortgage loan files). OK, you want to remove data from the server. I hit up Newegg, bought a $30 WD 120GB external drive, removed the 8GB of PDFs to the external, which was formatted as a whole-disk TrueCrypt drive. My boss (he's a hippie at heart who spent 8 years driving charter boats in the Caribbean for A-list celebs) goofed by saying in a high-level Dept meeting how we'd solved our problem, which angered people with more power than brains, who then issued the kill order on a harmless piece of hardware. I finally brought the offending device to the IT boffins today. The head boffin (Itchy) agrees with me in that a 7-pass wipe, followed by a partition table delete, a hard reformat, and a second 7-pass wipe is more than enough to destroy the data, but the IT megaboffins say that he must bust out the drill and drill completely through the drive.
He's required to drill through each chip on every stick of RAM he removes from a machine for any reason.
I never knew that the NSA was based in Vermont.