
SSN Rescan and Purge Redux

SSN Rescan and Purge Redux. Pat Burns, VPIT January 29, 2008. Status. Initial exercise was successful at removing thousands of files with millions of SSN’s and CCN’s, and substantially reduced the risk to our constituents of identity theft


Presentation Transcript


  1. SSN Rescan and Purge Redux. Pat Burns, VPIT. January 29, 2008

  2. Status
     • Initial exercise was successful at removing thousands of files with millions of SSN’s and CCN’s, and substantially reduced the risk to our constituents of identity theft
     • However, the process was far from perfect, it relied on attestations from individual users, and lacked “checks and balances”
     • Recent events indicate that we may still have tens of thousands of SSN’s on CSU systems
     SSN Scan Redux

  3. We Need to “Fix” this Problem
     • Provost/SVP directive, at the recommendation of the VPIT
     • Rescan and purge, using a new process with checks and balances, that reasonably assures removal of virtually all SSN’s on our systems
     • Invasive/intrusive process is approved, but only for the purposes of identifying sensitive data that need to be purged
     • The ‘default’ is to err on the side of protection, i.e. removal
     • Refresh “scan and purge” periodically, at least once per annum

  4. New Process
     • System administrators will be responsible for
       • Rescans of systems now using new, improved spider tool
       • Getting lists of target files to their users for their inspection/action
       • Determining that files with SSN’s, CCN’s and other sensitive information have been removed
       • Rescan by February 22, 2008
       • Verify that files with sensitive information have been removed
       • Default is to remove files to off-line storage
       • Reporting to the VPIT that the new process has been completed satisfactorily

  5. Other
     • Steve Lovaas will work with IT staff on spider implementations
     • Multi-user servers are the primary target at this time
     • Extend to individual systems, based upon judgment
     • Begin immediately
     • Deadline for sysadmins reporting back to the VPIT is Feb. 29

  6. Reporting Format
     • For all web and multi-user file servers
     • Report numbers of files
       • “Before” - found initially on the next scan
       • “After” - after users have remedied
       • “Final” - after sysadmin actions
     • Discussion, if “final” number is not 0
