Educause Security Discussion mailing list archives

Re: Due Diligence for Identity Finder Scanning


From: David Seidl <dseidl () ND EDU>
Date: Mon, 14 Jul 2014 16:35:44 -0400

Jim,

We opted for a risk-based approach. Organizations that are expected to deal
with SSNs get a more frequent scan rate (once a month, or quarterly). Areas
that shouldn't have SSNs get a longer time frame.

We used our original scan data and relative occurrence rates to help
influence the scan timeframes, giving us a good relative risk mapping.

David

David Seidl
Senior Director of Campus Technology Services
dseidl () nd edu | 574-631-7305


On Mon, Jul 14, 2014 at 4:30 PM, Pardonek, Jim <jpardonek () luc edu> wrote:

 We are having some discussion here as to what would be an acceptable
frequency to perform desktop scans for SSNs and CC#s. At the university I
was at previously, we did a scan once a month and required the end user to
remediate. Here we have a bi-annual scan where a data steward meets with
the end user to assist and attest remediation. What are others' thoughts on
frequency and remediation responsibility?



Thanks and have a wonderful day!



Jim



*James Pardonek, MS, CISSP, CEH*

*Information Security Officer*


*Loyola University Chicago, 1032 W. Sheridan Road | Chicago, IL 60660*
*(773) 508-6086*



