Re: Sensitive Information Survey

[Joel Rosenblatt <joel () COLUMBIA EDU>]

Hi,

As a suggestion, you may want to have a data classification policy in place to completely define what data you are 
looking for - here is a pointer to our
policy for an example (just in case you don't have one already)

<http://www.columbia.edu/cu/administration/policylibrary/policies/00bb9c67198088230119b4fac83a0003/8_-_Data_Classification_Policy_-_final_1209922329978.pdf>

Good luck - we are currently doing a scan of administrative desktops looking for sensitive information, it's a fun 
project :-)

Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel


--On Monday, August 24, 2009 4:16 PM -0400 Wayne Bullock <wayne () FAU EDU> wrote:

> We are working on putting together a user survey with the intent to locate Sensitive or PII information. Mostly, we are 
> looking for users that have
> downloaded sensitive data from protected systems to their workstations or laptops.
>
> We are doing this with the intent to be in position to better audit systems and provide targeted information security 
> training.
>
> If you have done this before at your institution would you provide some feedback? Did the survey yield useful results? 
> Sample surveys that you have used in
> the past would be very welcome.
>
> Thank you,
>
>             --Wayne
>
> Wayne Bullock, MSCIS, CCNA
> Associate Director
> Communication Services Infrastructure
> Information Resource Management
> Florida Atlantic University
> 777 Glades Road
> Boca Raton, FL 33431



Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel