Educause Security Discussion mailing list archives
Early release - free commercial grade PII/NPI discovery software
From: Gary Golomb <gary () PROVENTSURE COM>
Date: Tue, 27 Nov 2007 15:18:58 -0500
Hello there all- I wanted to let you know Proventsure is releasing a free PII/NPI search application that does a lot more than just search for sensitive information. It's extremely user-friendly and actually educates users to the risks of storing the information discovered on their system (and allows them to take actions like encrypting, viewing, or removing the files). No... There's no catch... More information can be found here: http://www.proventsure.com/Proventsure%20Free%20PII%20Discovery%20Audit%20an d%20Management%20Application.html If you are already a Proventsure customer: Don't worry - this isn't going to undercut what you have in the enterprise version. With an enterprise license, the same application will fully integrate into your enterprise deployment. It will soon replace the current "USB Single Scan Client" with a completely new suite of functionality you can leverage - in addition to all the existing custom governance, risk, and compliance assessment policies the enterprise version supports (including full custom and/or open source module development). It understands several different levels of licenses, and will help scan systems in completely distributed environments - while providing a very unique level of end-user education/involvement in the information accountability process. If you would like to access an early version of the application, you can get it from: http://www.proventsure.com/Proventsure%20Self%20PII%20Detection.zip If you want a funny story about the development of this, read on... Our goal was to make the application as easy as possible to use for normal non-IT users. With the first version, I figured my dad would be a good test the see if we accomplished our "ease of use" goals. (He's a sales tax audit something-or-other. I look at what he does the same way he looks at what I do... I just don't get it. Anyways, I frequently find myself on the phone with him doing tech support, if you know what I mean...) I sent him the software with no instructions - just asked him to run it and give me a call when it finished. I wanted to see if he could use it start to finish without any assistance. He called me when it was done. I was so excited that he was able to use it and find all kinds of things with it... THEN.... The first question he asked hit me like a ton of bricks. He asked, "It found XYZ, but so what?" In other words, we (security and/or audit people) know why storing PII/NPI on systems is bad -- because it's our fulltime job to know that. The rest of the user community out there doesn't know the same things we know and why the threat is more serious than most people realize (they have fulltime jobs where they are responsible and accountable for other things that most of us don't fully understand either!). In fact, the average $500 Mil/year organization is subject to 35 to 40 federal regulations. I have a hard time finding CISO's that can name even a fraction of those. So it's not limited to just non-IT people. Once my dad asked the question "So what?" the goals for the application completely changed - as you'll see. Anyways, I hope you're able to find it useful. Happy holidays to everyone on the list! Only a few more weeks until winter break! J -Gary Proventsure's Governance, Risk, and Compliance Platform nominated for the Most Innovative Technology of the Year Award By Information Security magazine and the Burton Group <http://infosecurityconference.techtarget.com/conference/> http://infosecurityconference.techtarget.com/conference/ proventsure-c Gary Golomb Founder, President Phone: (800) 916-9211 Cell: (443) 536-5757 Web: <http://www.proventsure.com> http://www.proventsure.com
Current thread:
- Early release - free commercial grade PII/NPI discovery software Gary Golomb (Nov 27)