SSN Rescan and Purge Redux Pat Burns, VPIT January 29, 2008.


Jan. 24, 2008 SSN Scan Redux 2

Status

- Initial exercise was successful at removing thousands of files with millions of SSN’s and CCN’s, and substantially reduced the risk to our constituents of identity theft
- However, the process was far from perfect, it relied on attestations from individual users, and lacked “checks and balances”
- Recent events indicate that we may still have tens of thousands of SSN’s on CSU systems

We Need to “Fix” this Problem

- Provost/SVP directive, at the recommendation of the VPIT
- Rescan and purge, using a new process with checks and balances, that reasonably assures removal of virtually all SSN’s on our systems
  - Invasive/intrusive process is approved, but only for the purposes of identifying sensitive data that need to be purged
  - The ‘default’ is to err on the side of protection, i.e. removal
- Refresh “scan and purge” periodically, at least once per annum

New Process

- System administrators will be responsible for
  - Rescans of systems now using new, improved spider tool
  - Getting lists of target files to their users for their inspection/action
  - Determining that files with SSN’s, CCN’s and other sensitive information have been removed
    - Rescan by February 22, 2008
    - Verify that files with sensitive information have been removed
    - Default is to remove files to off-line storage
  - Reporting to the VPIT that the new process has been completed satisfactorily

Other

- Steve Lovaas will work with IT staff on spider implementations
- Multi-user servers are the primary target at this time
  - Extend to individual systems, based upon judgment
- Begin immediately
- Deadline for sysadmins reporting back to the VPIT is Feb. 29

Reporting Format

- For all web and multi-user file servers
- Report numbers of files
  - “Before” – found initially on the next scan
  - “After” – after users have remedied
  - “Final” – after sysadmin actions
- Discussion, if “final” number is not 0