Committed to protecting our data
Protecting sensitive data and preventing its breach or loss begins with two steps: first, classifying the data that we have to protect, and second, determining where that data is stored. The Data Classification Standard developed by the A&M system defines the different classifications of data and gives examples of each data type. SPIRION (formerly Identity Finder) is a tool that helps determine the location of sensitive data across computers on our network.
How will SPIRION work?
SPIRION will be deployed to all faculty and staff workstations. Once it is deployed, users will be able to scan for PII, HIPAA, PCI and other information. By default, SPIRION will be configured to scan for Social Security numbers, credit card numbers, bank account numbers, and driver’s license numbers located on users’ computers or external drives. The types of files that will be scanned are Access, Excel, PowerPoint, Outlook PST files, Word documents, PDFs, text files, etc. If any files are found that contain sensitive data, users are alerted to the possible PII and can take various steps to remediate the findings if required. The scans will be run on a scheduled basis and can also be manually initiated by the user.
What if I need to use sensitive data?
The ISO office strongly recommends that sensitive data not be stored on flash drives, in your email or on your computers [Encryption of Confidential and Sensitive Information 29.01.03.P0.22]. If needed, sensitive data should be stored on the file server and deleted once the retention period [retention schedule] has been met or the file is no longer needed. We also require that any sensitive data that must be sent through email be encrypted [Encryption of Confidential and Sensitive Information 29.01.03.P0.22]. All use of sensitive data should be documented and approved by the ISO.
How long will it take to scan?
The initial scan by SPIRION will take a few hours. All scans afterward will be faster, as only new documents and documents that have changed since the last scan will be analyzed.
The university has adopted a policy to automatically scan computers on a scheduled basis. Once a scan is complete, the results will be sent to each department head to encourage remediation efforts. If your computer is not connected to the network at that time, the scan will automatically begin the next time your computer is turned on.
How to manually scan for Confidential data on PC
The profile you create applies only to the user account logged into the computer, and its password should be different from your domain password. Once the profile is created, you will have to enter the password every time you run a manual scan. This profile will store the results of your scan in a secure encrypted format.
Running your first scan
Select types of data to scan for
By default, SPIRION is configured to scan for Social Security, credit card, bank account, and driver’s license numbers. You are free to add any of the other fields below, e.g., password and health information, to the scan. You will not be able to deselect the default types of data.
Select locations to scan
You can start the scan right away or use the wizard. The wizard will allow you to select the types of data to search for as well as the locations to scan, if you have not defined this information before.
If sensitive data was found inside a file, you can open the folder that contains that file to view the file directly. To perform this action, single click the result with the right mouse button to highlight it and bring up a context menu, then highlight and left-click on Open file location.
There are multiple ways that SPIRION can help you to remediate the findings of sensitive data on your computer. The options are located on the Main tab as displayed below. OIRM suggests that you use one of the following methods: shred, redact, quarantine, ignore.
If you determine that you no longer need the file with sensitive data, use the shred function to securely delete the file.
If it is determined that the file where the sensitive data is stored is needed, redact can be used to replace the sensitive data with XXXXXX. E.g., if you receive a file with SSNs and student IDs and you do need the student IDs, use the redact function to replace the SSNs with X’s.
If you must keep a file in the format that it is in, the file should be moved to a departmental share. When using the Quarantine feature, the file will be copied to a location you specify and the original file shredded.
The SPIRION software has an advanced scanning algorithm to properly identify sensitive data; however, from time to time it may incorrectly assume a file has PII when it does not. Use the ignore feature to identify the file as a false positive.
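To show why pattern-based discovery produces false positives and what redaction does to a match, here is an added Python illustration. It is not SPIRION's algorithm (which this page does not describe) and not code from the vendor or the university; the patterns, function names and sample record are assumptions constructed for the example.

```python
import re

# First-pass patterns are deliberately loose; validation below trims false positives.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13 to 19 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Luhn checksum that valid payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Structural rules: area is not 000, 666 or 9xx; group not 00; serial not 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def scan(text: str):
    """Return (kind, matched_text, start, end) for candidates that pass validation."""
    findings = []
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(("ssn", m.group(), m.start(), m.end()))
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(("card", m.group(), m.start(), m.end()))
    return sorted(findings, key=lambda f: f[2])


def redact(text: str, kinds=("ssn", "card")) -> str:
    """Replace each selected match with X characters of the same length."""
    out = text
    for kind, _, start, end in scan(text):
        if kind in kinds:
            out = out[:start] + "X" * (end - start) + out[end:]
    return out


# Constructed sample record (not real data): an ID that looks like an SSN,
# a plausible SSN, a well-known test card number, and a 16-digit order number.
SAMPLE = ("Student ID 900-12-3456, SSN 123-45-6789, "
          "card 4111 1111 1111 1111, order no. 1234 5678 9012 3456")
```

On the sample, the SSN-shaped student ID and the 16-digit order number match the loose patterns but are rejected by validation; a scanner without those checks would report both, which is the kind of finding the ignore option is for.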
Previewing Data Matches
The Preview Pane is enabled by default but can be turned on and off by clicking the Preview Pane button on the Configuration ribbon. The Preview Pane displays an unformatted version of the result you have selected. The main body of the Preview Pane contains the full content where your result was located with all the Data Matches highlighted in yellow. You can seek through highlighted matches and review the criticality of your result.
The Preview Pane can also be docked to another border of the SPIRION application or floated anywhere you like. Simply click and hold the mouse over the Preview Pane header (the words Preview Pane) and drag the pane.
For more information, the SPIRION manual can be found here