Educause Security Discussion mailing list archives

Re: Sensitive Information Survey


From: Theresa Rowe <rowe () OAKLAND EDU>
Date: Mon, 24 Aug 2009 16:26:04 -0400

We've tried, but we did not get the information we needed to be really
successful.  We learned quickly that it was more effective to ask "what data
do you send off-campus" rather than "what data do you store."   They know
what they exchange, but they don't know what they've kept.  Searches by tool
are more effective.

Through iterations of buy/update pcs and the gig storage available, it seems
that people keep hundreds of files that they no longer remember.

Consider the faculty member who had a portable drive with departmental
placement test scores tracked by name and social security number, with the
newest file 10 years old.  Didn't remember it.

And even after that was discovered, finding more files on the faculty
member's laptop with the same sort of data.  Just forgot it was there.

We are trying to get the word out to get rid of stuff, but old faculty
gradebooks from when SSN was the student number seem to be a big hazard.

Theresa

On Mon, Aug 24, 2009 at 4:16 PM, Wayne Bullock <wayne () fau edu> wrote:

 We are working on putting together a user survey with the intent to
locate Sensitive or PII information. Mostly, we are looking for users that
have downloaded sensitive data from protected systems to their workstations
or laptops.



We are doing this with the intent to be in position to better audit systems
and provide targeted information security training.



If you have done this before at your institution would you provide some
feedback? Did the survey yield useful results? Sample surveys that you have
used in the past would be very welcome.



Thank you,



            --Wayne



Wayne Bullock, MSCIS, CCNA
Associate Director

Communication Services Infrastructure

Information Resource Management
Florida Atlantic University
777 Glades Road
Boca Raton, FL 33431







--
Theresa Rowe
Chief Information Officer
Oakland University
**Think Green - Think before you print.**

Current thread: