Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sensitive Information Survey

From: Chris Green <cmgreen () UAB EDU>
Date: Tue, 25 Aug 2009 14:48:48 -0500
We haven't done a survey but from other incidents, I've learned you need to ask the exact same question 15 ways ;-)

A no on #1 - #3 doesn't mean no all the way down the line.   It's just that people don't think in these terms.


1)      Do you have any sensitive information?

2)      Do you have any personally identifiable information?

3)      Do you have any credit card numbers?

4)      Do you have any research data?

5)      Do you have any medical records?

6)      Do you have any student data such as grades, tests, financial aid information?

7)      Do you have any employment records such as

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wayne 
Bullock
Sent: Monday, August 24, 2009 3:16 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Sensitive Information Survey

We are working on putting together a user survey with the intent to locate Sensitive or PII information. Mostly, we are 
looking for users that have downloaded sensitive data from protected systems to their workstations or laptops.

We are doing this with the intent to be in position to better audit systems and provide targeted information security 
training.

If you have done this before at your institution would you provide some feedback? Did the survey yield useful results? 
Sample surveys that you have used in the past would be very welcome.

Thank you,

            --Wayne

Wayne Bullock, MSCIS, CCNA
Associate Director
Communication Services Infrastructure
Information Resource Management
Florida Atlantic University
777 Glades Road
Boca Raton, FL 33431
Previous By Date Next
Previous By Thread Next

Current thread: