Educause Security Discussion mailing list archives
Re: Information Security Plan
From: George Larson <george.g.larson () GMAIL COM>
Date: Thu, 14 Dec 2017 12:24:48 -0500
On Thu, Dec 14, 2017 at 10:00 AM, Leon DuPree <duprleo () gmail com> wrote:
> Anyone have suggestions for Sensitive information Scanning tools? I used to use Spider many moons ago for scanning FERPA data. Now I am scanning source code that will be repurposed for development... I have some commercial tools like IBM App Scan but this tool is looking for OWASP Top 10 and bad coding, not PHI or PII data.
We're thinking PII/PHI would be hard-coded into the source code? If that's correct then the tool doesn't need to be concerned with the fact that it is scanning source code, right?

Nessus has a plugin for this:
https://www.tenable.com/blog/detecting-credit-cards-ssns-and-other-sensitive-data-at-rest-with-nessus
https://support.tenable.com/support-center/nessus_compliance_checks.pdf

OpenDLP:
https://code.google.com/archive/p/opendlp/

Or perhaps this project (written in R) could easily-enough be tweaked to consume the relevant file formats:
https://github.com/J-PAL/PII-Scan