Security at LSU: Finding Sensitive Data
Disclaimer: Before using the products mentioned in this article, please contact your IT Administrator/Contact or the IT Security and Policy Office
In accordance with PS06.20 - Security of Data, it is essential that sensitive data is protected.
Data is classified as - "all information that is used by or belongs to the University, or that is processed, stored, maintained, transmitted, copied on, or copied from University computing resources."
Protected Information is classified as - "data that has been designated as private or confidential by law or by the University. Protected information includes, but is not limited to, employment records, medical records, student records, education records, personal financial records (or other personally identifiable information), research data, trade secrets, and classified government information. Protected information shall not include public records that by law must be made available to the general public. To the extent there is any uncertainty as to whether any data constitutes protected information, the data in question shall be treated as protected information until a determination is made by the University or proper legal authority."
Although these definitions are defined by the policy, often users do not know that sensitive or protected data exists on a machine. Loss of data through security breach, social engineering or through loss of hardware, could result in financial damages to the University and the individual responsible for the data, and damage the reputation of the University. The IT Security and Policy Office has been working diligently to obtain products that will assist users to identify Personally Identifiable Information (PII) on workstations and servers. A product that we currently have is :
Spider (for Windows, Linux and Macintosh).
For additional information about these products, please follow the links to the respective pages.
10/29/2012 4:51:24 PM
Note: If you have any questions or concerns please contact the IT Security and Policy Office at firstname.lastname@example.org.
We love feedback! Please help us improve this article.