Educause Security Discussion mailing list archives
PII Scanning Recommendations
From: Drew Perry <aperry () MURRAYSTATE EDU>
Date: Thu, 8 Sep 2011 16:41:52 -0500
I'm in the middle of our quarterly PII scans to our web-facing data servers. Typically we scan with a combination of SENF and Spider, while I manually audit the results (i.e. check each and every file myself). As I'm sure you all know, this results in a HUGE list of false-positive reviews. As yet, we do not have a large budget for this aspect of Information Security. I have investigated PII products like Seek-N-Secure and Identity Finder, which are infinitely better. But in the cost/benefit analytical world of "So we have one that works for free, but costs your time; or we can spend $10,000 or so for better tools for each of our data servers...." And I'm sure you know who wins out. So my question is this: What are you guys doing? Has anyone come up with a middle-ground solution to this problem? The free tools are good, not great, but free. The expensive tools are great, not perfect, but expensive. What's the upper-middle class response to PII scans? Drew Perry Security Analyst Murray State University (270) 809-4414 aperry () murraystate edu *P* Save a tree. Please consider the environment before printing this message.
Current thread:
- PII Scanning Recommendations Drew Perry (Sep 08)
- Re: PII Scanning Recommendations Mclaughlin, Kevin (mclaugkl) (Sep 09)
- Re: PII Scanning Recommendations Mclaughlin, Kevin (mclaugkl) (Sep 09)
- Message not available
- Re: PII Scanning Recommendations Drew Perry (Sep 09)
- Re: PII Scanning Recommendations Mclaughlin, Kevin (mclaugkl) (Sep 09)