Educause Security Discussion mailing list archives
scanning for sensitive information
From: "Youngquist, Jason R." <jryoungquist () CCIS EDU>
Date: Mon, 18 Mar 2013 20:32:30 +0000
We have a project to scan workstations for sensitive information. It looks like we are going to be purchasing Identity Finder with centralized console and workstation licenses. We are currently working on a data classification policy so we can give guidance to people on what to do with the information. We are probably going to start with installing Identity Finder on 50 machines or less at departments that have sensitive information (ie. Accounting, Registration and Financial Services, etc.) For those of you that implemented Identity Finder with the centralized console, how many hours of professional support did you use, and what did your rollout time-line look like? I've reviewed some Educause presentations and it seems that the biggest recommendations are the following: * Project Scope o Start with a small group for the first phase * Education and awareness o Make sure users know why it is important to scan for sensitive information o Make it easy for users to discover and correct the issues themselves o Come up with a clear process so users know what to do with the sensitive information. * Come up with a list of things to scan for o SSNs, credit card numbers, bank account numbers, and passwords seem to be the big things. Would appreciate any thoughts or other lessons learned. Thanks. Jason Youngquist, CISSP Information Technology Security Engineer Technology Services Columbia College 1001 Rogers Street, Columbia, MO 65216 (573) 875-7334 jryoungquist () ccis edu<mailto:jryoungquist () ccis edu> http://www.ccis.edu
Current thread:
- scanning for sensitive information Youngquist, Jason R. (Mar 18)