Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Poll Results - PollSANS Internet Storm Center InfoSec Poll Results


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Poll Results

0 % =>...we return to the vendor for warranty replacement, without special precautions
16.9 % =>...we degauss before returning for replacement
0 % =>...we shred/destroy, forgoing the warranty
0 % =>...we return to a vendor who provides full assurance and traceability
0 % =>...our contract allows to hold the drive back in warranty replacement
Total Answers: 679

Selected Comments

  • Destroy if the disk is truely does not spin up. Small cost compared to fines for personal data exposure.
  • Degaus is no longer an option on new drives. Data has been proven to be retrievable. You must shred and smelt
  • You pay more for it, but you can get a maintenance contract where you do not have to return the drive. The previous place I worked used a substantial # of NAS devices and when a drive failed we received a replacement. Our failed drive was destroyed.
  • We usually get hardware verified/replaced on site, and once the technician confirms the drive is dead, it's no problem having them throw it in the shredder.
  • The drives pile up on-site until the space they occupy justifies the cost of getting a company to destroy them securely (with documentation.)
  • Encrypt the drive BEFORE placing data on it (PGP, TrueCrypt. . .). That way, when it goes out, it doesn't matter _what_ you do with it.
  • One vendor requires return of the faceplate of drive only, not the platters.
  • replacements needed immediately - warranty takes weeks...
  • Poll Archives

    1. How bad do you think Badlock will be?
    2. The end of XP is looming where are you at?
    3. What is going to trouble you the most in 2014?
    4. What are your plans when XP is no longer supported?
    5. What is your main concern about Java?
    6. Which of the following issues impacted the most your business in 2012?
    7. What are the top 5 unresolved (or underresolved) security issues of 2012?
    8. Cyber Security Awareness Month Activities 2012
    9. Are you currently using a Security Information and Event Management (SIEM) solution to collect security logs?
    10. Which security patch delivery schedule do you prefer? Choose according to your role-- if you install the patches yourslef, choose the system administration option.
    11. Which security patch delivery schedule do you prefer?
    12. Phishing and client side attacks, the future?
    13. What security issue concerns you the most this year?
    14. Do you monitor or otherwise secure your printers in your environment?
    15. In the coming 12 months, what is your deployment plan or status with IPv6?
    16. How are you dealing with Malicious Domains?
    17. How is your organization dealing with Windows executables?
    18. Which of the following issues affected your business in 2010?
    19. What is your biggest fear with Mobile Devices in your enterprise?
    20. The most annoying web application attacks are ...
    21. What is your opinion of the actions of the "Microsoft-Spurned Researcher Collective"? (Full disclosure with no vendor notification)
    22. How do you protect your internet connected mobile devices such as smart phones and PDAs from malware and how do you know it works?
    23. How is your organization handling PDF documents?
    24. What DNS server do you use as a resolver?
    25. I back up data on my home PCs...
    26. Do you have port 445 blocked at your firewall?
    27. How many insider threat cases have you dealt with so far this year?
    28. Trial software and Bloat pre-installed on new PCs...
    29. Has your organization dealt with any of the following during the past 12 months?
    30. Do you use virtualization in the DMZ?
    31. Defective harddisks under warranty, containing sensitive data...
    32. Microsoft's 'responsible' behavior in releasing MS09-017 was:
    33. Does your organization have a pandemic plan?
    34. Our web application security is controlled by:
    35. How was your organization affected by Conficker C?
    36. How is your organization handling Conficker C?
    37. If you plan to deploy, or have deployed Wireless, in what frequency do you plan to deploy 802.11n?
    38. Have you received notification that you are the victim of a security breach? If so, did you receive an offer for credit monitoring?
    39. How is the economic downturn affecting your IT Security Program?
    40. My security budget for 2009 is:
    41. Has your organization suffered a DDoS (Distributed Denial of Service) attack in the last year?
    42. How are you securing your Wireless Networks?
    43. How are you handling the “out-of-band” MS08-067 patch?
    44. What activities are you having for Cyber Security Awareness Month?
    45. When was your last Incident Response Test Exercise?
    46. How are you handling the DNS vulnerability issue?
    47. How do you handle data leakage protection?
    48. How do you secure remote presentation software (Webex, Netmeeting, etc)?
    49. What have you done to secure your home networking equipment?