Educause Security Discussion mailing list archives

Re: Identify Finder


From: "Shamblin, Quinn (shamblqn)" <shamblqn () UCMAIL UC EDU>
Date: Thu, 28 Feb 2008 13:25:12 -0500

If you want to experiment with a version of this product that can scan remote systems, you can contact this person.  He 
has been very helpful as we have been testing.  Also, it is possible to script the use of this tool to automate scans 
across multiple systems.

Todd Feinman [mailto:todd.feinman () identityfinder com]
212-399-2449

Regards, 
 
Quinn R. Shamblin
Information Security Officer
GCFA, CISSP, PMP
University of Cincinnati 
(513) 556-0803
quinn.shamblin () uc edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Thursday, February 28, 2008 11:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Identify Finder

Yes, I forgot about this feature.  I believe the custom config of the
more advanced versions will also allow you to use a custom keyword (like
"Student ID") with an SSN check, but it's been a while since I've looked
at it, so I could be wrong.  

I agree that it's more user friendly than Spider (our recommended tool
for Windows) and SENF (our recommended tool for other platforms), but we
weren't willing to invest in a commercial tool until, at the very least,
it supported both Windows and Mac.  Naturally, it would also have to
demonstrate a value that justified the cost over the open source
options.  

Brad Judy

IT Security Office
University of Colorado at Boulder


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Theodore Pham
Sent: Wednesday, February 27, 2008 6:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Identify Finder

The Professional and Enterprise versions of Identity Finder have incorporated unformatted SSN searching.  By default, it requires the file to have some keyword (SSN, Social Security Number, SS#, etc) and have at least 3 potential SSNs in it in order to declare it a "match".  This of course helps cut down on false positives.

You can opt to remove the keyword criteria or reduce the number of potential SSNs required for a match through the options page.  You can also completely disable unformatted SSN search or restrict it to only Excel and CSV files.  Of course modifying the defaults increases search time and false positive rates, but you have the options.

For more details, see: 
http://www.identityfinder.com/help/AnyFind_Settings_Page.htm


We've site licensed the Enterprise version and started our deployment last month on a voluntary basis to all faculty, students and staff for use on both university owned and personal equipment.  Previously we had suggested the use of Spider and were looking at customizing it, but Spider just wasn't user friendly enough in its current incarnations.

So far our biggest hurdle has been convincing both our admins and end users that the tool is really simple enough for almost everyone to use.  I think they were expecting it to be more like Spider so they were reluctant at first, but we're making headway.  Having folks run it for the first time and seeing how much of their own personal information is floating around has really helped open eyes, not to mention how easy it is to clean things up with the interface.

Our next step is continuing to educate our mid and upper level management about the risks and options so that they will set appropriate local policies for their departments.  It takes so long to pass a university policy much less attempt to enforce it in a distributed support environment like ours that partnering on a local level should give us broader adoption more quickly.  Not saying that executive mandate isn't a good thing to have, but it's easier to convince management when you've got some positive momentum.

We asked for an MSI installer version from the vendor (got it in about 3 days) and bundled it with our license file for the initial deployment.  We're starting to work with our admins to deploy via Active Directory GPO and to target our high risk populations.

So my point is that the whole PII cleanup effort is a very social problem.  And so far we've found Identity Finder to be a nice fit to tackling that problem even with its technical shortcomings.

The vendor is very willing to work with us on Identity Finder's rough edges.  And it's got an assortment of rough edges.

Ted Pham
Information Security Office
Carnegie Mellon University

Brad Judy wrote:
FYI: The approach I've recommended for the non-hyphenated formats is to search using the most common first three digits for your students.  This catches most large lists of SSN's while minimizing false positives.  Additionally, I highly recommend the use of boundary conditions for any regular expression searches.

For example, here's a simple regular expression that could be used for one portion of Colorado SSN's:

\b65[0-3]\d{6}\b

I believe the more advanced versions of Identity Finder allow for custom regular expression searches, so one could add a check like the one above.

In my experience, the vast majority of large SSN repositories/lists use a straight nine digit format, so skipping it will likely mean not detecting your highest impact files.  When it comes to data breaches, finding these large repositories is a higher priority than the ability to look into a variety of files types to find single items.

Brad Judy

IT Security Office
University of Colorado at Boulder
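
The two heuristics discussed in this thread, the keyword-plus-minimum-count default described in Ted Pham's message and the word-boundary prefix regex in Brad Judy's, combined in an added Python example (not code from Identity Finder, Spider, SENF or any poster). The `classify` function, its parameters and the sample data are constructed for illustration; the sample numbers use group digits 00, so they cannot be valid SSNs.

```python
import re

# Any unformatted nine-digit run. \b stops a nine-digit slice of a longer
# number (e.g. a 13-digit tracking code) from counting as a candidate.
NINE_DIGITS = re.compile(r"\b\d{9}\b")
# The area-prefix pattern quoted in the thread.
PREFIX_650_653 = re.compile(r"\b65[0-3]\d{6}\b")
# Keywords the thread lists for the default keyword criterion.
KEYWORD = re.compile(r"\b(?:SSN\b|Social Security Number\b|SS#)", re.I)


def classify(text, pattern=NINE_DIGITS, min_hits=3, require_keyword=True):
    """Return (is_match, candidates) for the text of one file."""
    hits = pattern.findall(text)
    if len(hits) < min_hits:
        return False, hits
    if require_keyword and not KEYWORD.search(text):
        return False, hits
    return True, hits


# Constructed samples. Group digits "00" make these invalid as real SSNs.
ROSTER = "Name,SSN\nA. Student,650000001\nB. Student,651000002\nC. Student,653000003\n"
PARTS = ("part 482913375 qty 2\npart 771204668 qty 1\n"
         "part 305518942 qty 9\ntracking 1234567890123\n")

if __name__ == "__main__":
    for name, text in (("roster", ROSTER), ("parts", PARTS)):
        print(name, "default:", classify(text)[0])
        print(name, "no keyword rule:", classify(text, require_keyword=False)[0])
        print(name, "prefix only:",
              classify(text, PREFIX_650_653, require_keyword=False)[0])
```

On the constructed parts list, dropping the keyword rule turns three part numbers into a match, while the prefix pattern still rejects them.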

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Isac Balder
Sent: Wednesday, February 27, 2008 4:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Identify Finder

So far we are impressed.  Though it skips information not in a dashed format.  We had a few instances where home brew apps were handling data without the dash and Identity Finder missed it.  On the other hand I'll take that over a slew of false positives on straight nine digit numbers.

I have heard that the vendor is working on a central reporting / management server.

Yes it only finds data that is resident and not in transmission.  But we have found that most users are not even aware of the data that is on their system.
Step 1) identify, Step 2) educate, Step 3) mitigate the transmission factor.

The thing we really liked about Identity Finder was the ease of use for the average user, the fact that it scans the Outlook PST files (where we tend to find the block of data), and non-ASCII files like PDF.


I.B.



--- "McNeil, Sharon McLawhorn" <McLawhorns () ECU EDU> wrote:

Does anyone have experience with the scanning tool "Identify Finder"?  We're looking for a tool to assist us in discovering sensitive data such as SSN's, credit card numbers, etc.

Thanks,

Sharon M. McNeil
IT Security Analyst
Dept. of ITCS
East Carolina University
252-328-9112 (Phone)
252-328-4258 (Fax)
mclawhorns () ecu edu
