Educause Security Discussion mailing list archives
Re: Sensitive Information Survey
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Tue, 25 Aug 2009 12:57:54 -0700
Keep in mind that the key component of your effort is a risk-based focus. Addressing any particular gap can be very time consuming, thus it is important to focus on the biggest risks first. For example, our institution (3300 staff/faculty) has an enormous number of protected information eddies. It is actually pretty challenging to find a department at any of our colleges that doesn't have protected information of some form. A portion of the time, just having the discussion about identifying confidential information will result in risk mitigation. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College Office: 520-206-4873 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Green Sent: Tuesday, August 25, 2009 12:49 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Sensitive Information Survey We haven't done a survey but from other incidents, I've learned you need to ask the exact same question 15 ways ;-) A no on #1 - #3 doesn't mean no all the way down the line. It's just that people don't think in these terms. 1) Do you have any sensitive information? 2) Do you have any personally identifiable information? 3) Do you have any credit card numbers? 4) Do you have any research data? 5) Do you have any medical records? 6) Do you have any student data such as grades, tests, financial aid information? 7) Do you have any employment records such as From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wayne Bullock Sent: Monday, August 24, 2009 3:16 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Sensitive Information Survey We are working on putting together a user survey with the intent to locate Sensitive or PII information. Mostly, we are looking for users that have downloaded sensitive data from protected systems to their workstations or laptops. We are doing this with the intent to be in position to better audit systems and provide targeted information security training. If you have done this before at your institution would you provide some feedback? Did the survey yield useful results? Sample surveys that you have used in the past would be very welcome. Thank you, --Wayne Wayne Bullock, MSCIS, CCNA Associate Director Communication Services Infrastructure Information Resource Management Florida Atlantic University 777 Glades Road Boca Raton, FL 33431
Current thread:
- Sensitive Information Survey Wayne Bullock (Aug 24)
- <Possible follow-ups>
- Re: Sensitive Information Survey Theresa Rowe (Aug 24)
- Re: Sensitive Information Survey Brad Judy (Aug 24)
- Re: Sensitive Information Survey Joel Rosenblatt (Aug 24)
- Re: Sensitive Information Survey Chris Green (Aug 25)
- Re: Sensitive Information Survey Basgen, Brian (Aug 25)