Can you trust your data recovery vendor?

Can you trust your data recovery vendor?
Can you trust your data recovery vendor?

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By Henry Kenyon
Sept 03, 2010

Many government and private-sector organizations consider recovering 
data from damaged laptop PC hard drives to be a minor budget item that 
third-party vendors can best handle. But a seemingly inexpensive fix 
could lead to compromised or stolen data, network breaches and other 
security nightmares because organizations typically do not vet data 
recovery vendors.

The National Institute of Standards and Technology has issued new 
guidelines to resolve that problem, but it will be at least a year 
before agencies are required to fully comply with it.

When recovering intellectual property or sensitive documents stored in 
damaged equipment, major security problems can arise if agencies or 
companies have not paid attention to vetting data recovery vendors, 
experts say.

The NIST guidance, which appeared as part of the institute=E2=80=99s Special 
Publication 800-34 Rev 1, "Contingency Planning Guide for Federal 
Information Systems," represents a small part of the publication that 
covers the entire breadth of data recovery procedures for federal 
agencies, said Marianne Swanson, NIST=E2=80=99s senior adviser for information 
systems security.


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Subscribe to InfoSec News - 


Site design & layout copyright © 1986-2014 CodeGods