June 09, 2014

IT scan of employee workstations is set

As part of an ongoing effort to assess campus computers for sensitive information and comply with state requirements, the Information Security team will be performing another campus-wide scan of all employee workstations. The scan will take place over two weekends, June 21-22 and June 28-29.  All workstations will be scanned over the first weekend unless your local LAN administrator makes prior arrangements.  A workstation only needs to be scanned over one of these weekends.

As in previous scans, this scan will require that workstations remain powered on and users logged in.  Users should lock their workstation before leaving work the Friday before the scan occurs. When users return to work on Monday and unlock their workstation they will be able to see the results of the scan run against their workstation.  Results of the scan will include an overview of any sensitive information found and options and suggestions on how to secure it. 

Sensitive information that will be specifically scanned for includes Social Security numbers, credit card numbers, driver's license numbers, passport numbers and bank account numbers. Again, you will be immediately alerted to the presence of such data and be given suggestions on how to manage that data. A more comprehensive description of sensitive information can be found here. 

Audit requirements, at the direction of the Illinois Auditor General, have dictated that SIU undergo a comprehensive process to identify and inventory sensitive data across campus.  The ultimate goal is to not only identify but to subsequently secure, or encrypt, sensitive data.  Many staff come into contact with sensitive data, such as Social Security numbers, as part of their daily job responsibilities.  The goal would be to assist these staff members in securely dealing with this type information in order to prevent loss and to protect the assets of the university.  On the other hand, there are computers, workstations, and servers across campus where sensitive data also resides either because of a historical need, one-time analysis, or perhaps from antiquated business processes where sensitive data is now not either known to reside or perhaps forgotten.  Where possible the intent is to always remove unneeded sensitive data from these systems.  This is the focus of this process and the first step is to locate where sensitive data may reside and to inform users so that they may take appropriate action. 

Information Technology has purchased software called “Identity Finder” to perform this scan.  Identity Finder is a comprehensive scanning and analysis tool.  It replaces the Datafind software previously used across campus to perform similar types of scans.  Advantages of Identity Finder are that it is easier to use than Datafind, performs a more comprehensive scan, and can be managed centrally by Information Security thus relieving some of the burden on individual users across campus. 

The overall intent of this exercise is to identify and ultimately secure sensitive data across campus all while acting in accordance with the direction of the Illinois Auditor General.  With this in mind, the intent is to monitor progress across campus to determine the extent users have taken to secure sensitive information.  Scan results will be compared to previous scans to determine progress, with hope campus users are taking proactive steps to secure information.  Please contact SalukiTech at 453-5155 or your local LAN administrator if you have any comments or questions about this assessment.