Educause Security Discussion mailing list archives
Re: Identity Finder Questions
From: "Telfer, Will" <Will_Telfer () BAYLOR EDU>
Date: Mon, 5 Feb 2018 22:43:34 +0000
We use Identity Finder/Spirion at Baylor University. 1. What is the scope of your institutions deployment? (e.g. system-wide, specific departments, business areas, etc.) * We have it deployed in specific departments where SSNs and/or credit card numbers are used in business practices 1. Do you include personally-owned devices or just organization-owned devices? * It is only installed on organization-owned devices. 1. Within that scope, what devices are included? (e.g. servers, desktops, laptops; all or partial) * It is installed on mainly desktops/laptops, with a few departmental file servers included due to the type of data housed on the servers. 1. How often are systems scanned and/or reports reviewed? * Systems are scanned quarterly on the last Wednesday of the January, April, July, & October. Results are reviewed after the quarterly scans & users are contacted if the scan detected more than 500 hits. Users can initiate a scan at any time. Our biggest issues is systems being off site or offline during the quarterly scan time & then users manually cancelling the scan when it starts or systems that have been replaced & the software has not been reinstalled (aka orphans). Thank You, Will Telfer, M.S. Information Security Analyst Information Technology Services [sig] Twitter: @BearAware Facebook: www.facebook.com/BearAware From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Escue, Charles E Sent: Monday, February 5, 2018 3:01 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Identity Finder Questions Hello everyone, We are interested in knowing the strategy of other institutions in relation to Identity Finder (or other like products). Feedback for the following questions is greatly appreciated. 1. What is the scope of your institutions deployment? (e.g. system-wide, specific departments, business areas, etc.) 2. Do you include personally-owned devices or just organization-owned devices? 3. Within that scope, what devices are included? (e.g. servers, desktops, laptops; all or partial) 4. How often are systems scanned and/or reports reviewed? I appreciate your help with this discovery effort! Feel free to respond to the list or contact me directly. Thanks, Charlie Charles Escue, CISSP Lead Security Analyst University Information Security Office 2709 East 10th Street Bloomington, IN 47408 Office: (812) 856-3334 cescue () iu edu<mailto:cescue () iu edu>
Current thread:
- Identity Finder Questions Escue, Charles E (Feb 05)
- Re: Identity Finder Questions Telfer, Will (Feb 05)