Re: Locating Personally Identifiable Information

[Charles Young <charles.young () TUFTS EDU>]

I'm not sure if this has been discussed, but I once heard an urban legend about crafting customized virus signature(s) 
to use A/V as a PII discovery tool. Tons of drawbacks immediately spring to mind, but it was an interesting concept to 
consider.

Any positive experiences with A/V in this unusual capacity?

Doug Markiewicz wrote:
> > (1) Which tool are they using?
>
> Carnegie Mellon has rolled out Identity Finder for the Windows
> platform.  For the OSX platform we are currently recommending Cornell's
> Spider tool but we are also pushing for an expedited release of Identify
> Finder for OSX.
>
> > (2) How is the tool being deployed? E.g. Do you just make it available
> > for use by your staff? Do you have support staff who run the tool for
> > individuals who request it or can individuals run it themselves?  Is it
> > mandatory or voluntary to use the tool?
>
> We have made the tool available to all students, faculty and staff
> within the US.  It is not mandatory.  We try to avoid "mandatory"
> initiatives.  The tool is self service and we've released a survey to
> collect some general information related to what individuals find.  For
> example:  Did you find PII?  Why did you choose to store this PII
> locally instead of using a central storage function?  etc... We avoided
> any solutions that would centrally collect the results of searches
> because we felt acceptance of such a tool would be much lower.  We did
> some campaigning with the deans of our various colleges and some other
> groups to help gain support for the initiative.
>
> Hope this helps.  If you have more specific questions, let me know.
--
Chuck Young, CISSP CISA
Director, Information Security
Tufts University UIT