Educause Security Discussion mailing list archives

Re: Scanner for sensitive information

From: Doug Markiewicz <dmarkiew+educause () ANDREW CMU EDU>
Date: Wed, 18 Jun 2008 08:48:34 -0400

My question is whether there is some product or other software that I
can run centrally that can help me assist webmasters keep sensitive
information inaccessible to the public. Ideally, I would like to do this
on much the same way I use my vulnerability scanner now.


We licensed IdentityFinder which contains a web module that will allow you to crawl your sites in search of SSNs, credit card numbers, 
etc.  We originally licensed the solution to allow faculty and staff to scan for PII on their desktops and laptops but are starting to 
look at the web module functionality now too.  I'm not intimately involved in this project but could probably get you answers to 
any questions.  There is also a database module but I don't believe we've tested that functionality yet.

http://www.identityfinder.com/Products/Identity_Finder_Editions_Enterprise_Web.html

Hope this helps.

Regards,

Doug Markiewicz
Information Security Office
Carnegie Mellon University

Current thread:

Scanner for sensitive information Wayne Bullock (Jun 16)
- <Possible follow-ups>
- Re: Scanner for sensitive information Di Fabio, Andrea (Jun 16)
- Re: Scanner for sensitive information Roger Safian (Jun 16)
- Re: Scanner for sensitive information Randy Marchany (Jun 16)
- Re: Scanner for sensitive information Isac Balder (Jun 16)
- Re: Scanner for sensitive information Watson, Michael (Jun 16)
- Re: Scanner for sensitive information Wayne Bullock (Jun 17)
- Re: Scanner for sensitive information Doug Markiewicz (Jun 18)
- Re: Scanner for sensitive information Wyman Miles (Jun 18)