Educause Security Discussion mailing list archives

Re: Due Diligence for Identity Finder Scanning


From: James Smith <jamessm010 () GMAIL COM>
Date: Mon, 14 Jul 2014 16:42:39 -0400

Jim,

We have chosen to base our frequency on the number of business processes in
the area that use highly sensitive information. For instance, a department
such as H.R. that handles H.S.I on a regular basis is scanned quarterly. A
department like Archeology, on the other hand, is only scanned on an annual
basis.

This allows us to really focus on the areas that matter, without
desensitizing the users to the process and having them just ignore all of
the results.


James Smith, GSEC, GPEN
Data Security Coordinator
University of Notre Dame
574-631-9342



On Mon, Jul 14, 2014 at 4:30 PM, Pardonek, Jim <jpardonek () luc edu> wrote:

 We are having some discussion here as to what would be an acceptable
frequency to perform desktop scans for SSNs and CC#s.  At the university I
was at previously, we did a scan once a month and required the end user to
remediate.  Here we have a bi-annual scan where a data steward meets with
the end user to assist and attest remediation.  What are others' thoughts on
frequency and remediation responsibility?



Thanks and have a wonderful day!



Jim



*James Pardonek, MS, CISSP, CEH*

*Information Security Officer*


*Loyola University Chicago | 1032 W. Sheridan Road | Chicago, IL 60660*
*(773) 508-6086*



