Educause Security Discussion mailing list archives
Re: Due Diligence for Identity Finder Scanning
From: James Smith <jamessm010 () GMAIL COM>
Date: Mon, 14 Jul 2014 16:42:39 -0400
Jim, We have chosen to base our frequency on the number of business processes in the area that use highly sensitive information. For instance, a department such as H.R. that handles H.S.I on a regular basis is scanned quarterly. A department like Archeology on the other hand, is only scanned on an annual basis. This allows us to really focus on the area's that matter, without desensitizing the users to the process and having them just ignore all of the results. James Smith, GSEC, GPEN Data Security Coordinator University of Notre Dame 574-631-9342 On Mon, Jul 14, 2014 at 4:30 PM, Pardonek, Jim <jpardonek () luc edu> wrote:
We are having some discussion here as to what would be an acceptable frequency to perform desktop scans for ssn’s and CC#s. At the university I was at previously, we did a scan once a month and required the end user to remediate. Here we have a bi-annual scan where a data steward meets with the end user to assist and attest remediation. What are others thoughts on frequency and remediation responsibility. Thanks and have a wonderful day! Jim *James Pardonek, MS, CISSP, CEH* *Information Security Officer* * Loyola University Chicago 1032 W. Sheridan Road | Chicago, IL 60660 * * (**: (773) 508-6086 <%28773%29%20508-6086>*
Current thread:
- Due Diligence for Identity Finder Scanning Pardonek, Jim (Jul 14)
- Re: Due Diligence for Identity Finder Scanning David Seidl (Jul 14)
- Re: Due Diligence for Identity Finder Scanning James Smith (Jul 14)