February 20, 2014
Scan of employee workstations is this weekend
As part of an ongoing effort to assess campus computers for sensitive information and comply with state requirements, the Information Security team will be performing a campus-wide scan of all employee workstations. The scan will take place this weekend, Saturday and Sunday, Feb. 22-23.
The scan will require that workstations remain powered on and users logged in. Users should lock their workstation before leaving work on Friday. When users return to work on Monday and unlock their workstation they will be able to see the results of the scan run against their workstation. Results of the scan will include an overview of any sensitive information found and options and suggestions on how to secure it.
Sensitive information that will be specifically scanned for includes Social Security numbers and bank account information. Again, you will be immediately alerted to the presence of such data and be given suggestions on how to manage that data. A more comprehensive description of sensitive information can be found here.
Audit requirements, at the direction of the Illinois Auditor General, have dictated that SIU undergo a comprehensive process to identify and inventory sensitive data across campus. The ultimate goal is to not only identify but to subsequently secure, or encrypt, sensitive data. Many staff come into contact with sensitive data, such as Social Security numbers, as part of their daily job responsibilities. The goal would be to assist these staff members in securely dealing with this type information in order to prevent loss and to protect the assets of the university. On the other hand, there are computers, workstations, and servers across campus where sensitive data also resides either because of a historical need, one-time analysis, or perhaps from antiquated business processes where sensitive data is now not either known to reside or perhaps forgotten. Where possible the intent is to always remove unneeded sensitive data from these systems. This is the focus of this process and the first step is to locate where sensitive data may reside and to inform users so that they may take appropriate action.
Information Technology has purchased software called “Identity Finder” to perform this scan. Identity Finder is a comprehensive scanning and analysis tool. It replaces the Datafind software previously used across campus to perform similar types of scans. Advantages of Identity Finder are that it is easier to use than Datafind, performs a more comprehensive scan, and can be managed centrally by Information Security thus relieving some of the burden on individual users across campus.
The overall intent of this exercise is to identify and ultimately secure sensitive data across campus all while acting in accordance with the direction of the Illinois Auditor General. Please contact SalukiTech at 453-5155 or your local LAN administrator if you have any comments or questions about this assessment.