Educause Security Discussion mailing list archives
Re: Due Diligence for Identity Finder Scanning
From: David Seidl <dseidl () ND EDU>
Date: Mon, 14 Jul 2014 16:35:44 -0400
Jim,

We opted for a risk based approach. Organizations that are expected to deal with SSNs get a more frequent scan rate (once a month, or quarterly). Areas that shouldn't have SSNs get a longer time frame. We used our original scan data and relative occurrence rates to help influence the scan timeframes, giving us a good relative risk mapping.

David

David Seidl
Senior Director of Campus Technology Services
dseidl () nd edu | 574-631-7305

On Mon, Jul 14, 2014 at 4:30 PM, Pardonek, Jim <jpardonek () luc edu> wrote:
We are having some discussion here as to what would be an acceptable frequency to perform desktop scans for SSNs and CC#s. At the university I was at previously, we did a scan once a month and required the end user to remediate. Here we have a bi-annual scan where a data steward meets with the end user to assist and attest remediation. What are others' thoughts on frequency and remediation responsibility?

Thanks and have a wonderful day!

Jim

James Pardonek, MS, CISSP, CEH
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL 60660
(773) 508-6086