Due Diligence for Identity Finder Scanning

["Pardonek, Jim" <jpardonek () LUC EDU>]

We are having some discussion here as to what would be an acceptable frequency to perform desktop scans for ssn's and 
CC#s.  At the university I was at previously, we did a scan once a month and required the end user to remediate.  Here 
we have a bi-annual scan where a data steward meets with the end user to assist and attest remediation.  What are 
others thoughts on frequency and remediation responsibility.

Thanks and have a wonderful day!

Jim

James Pardonek, MS, CISSP, CEH
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

*: (773) 508-6086