Educause Security Discussion mailing list archives
SPI/PII detection implimentation?
From: "Schoenefeld, Keith P." <Keith_Schoenefeld () BAYLOR EDU>
Date: Tue, 27 Sep 2011 13:41:54 -0500
I appreciate your time, if you respond directly to me I will summarize back to the list: We are considering how best to detect and properly mitigate sensitive personal information (SPI) and personally identifiable information (PII) on our campus. In so doing, we are curious how other institutions are currently managing this process. 1) Is software being deployed to endpoints, and if so is the installation voluntary, mandatory on some systems (if so, how were those systems selected), or mandatory on all systems? 2) How is the software installed on endpoints? 3) Are all scans initiated by the end user, is there a mix of user-initiated and automated (scheduled) scanning, or are all scans automated (scheduled)? 4) What kind of centralized reporting (if any) is leveraged? 5) Do you have a documented and published (at least to faculty/staff) SOP for dealing with data that is identified? -- KS Keith Schoenefeld Information Security Analyst Baylor University
Current thread:
- SPI/PII detection implimentation? Schoenefeld, Keith P. (Sep 27)