Introduction: Data Loss Prevention
The College of Engineering uses Spirion Identity Finder in order to comply with the OSU Information Security Control Requirements (ISCR). These requirements exist to safeguard you and the University against legal, regulatory, monetary and reputational liabilities related to the improper storage of restricted data such as social security numbers, bank account and credit card information.
What is Data Loss Prevention?
Data Loss Prevention (DLP) refers to our efforts to classify, identify and manage restricted data on College of Engineering computer systems. The goal of DLP is to mitigate risks associated with storage of – and access to – restricted institutional data.
Why is Data Loss Prevention important?
As an organization, OSU is bound to several legal, regulatory and compliance obligations due to the nature of the data we handle. As a result, the College of Engineering is required to understand the type and nature of data stored on departmental computers.
What is considered restricted data?
Restricted data is data that is bound to certain legal, regulatory and contractual requirements as described in the OSU Information Security Standard (ISS) and Information Security Control Requirements (ISCR) policies. Restricted data includes (but is not limited to) Social Security Numbers, FERPA/HIPAA data, Payment Card Industry information, or other data that is intended for limited use and availability.
How do OSU’s Data Loss Prevention policies affect me?
The College of Engineering has deployed Spirion Identity Finder to discover and evaluate institutional data on college-managed systems. Spirion will be used to scan systems managed by ETS in order to identify restricted data and to ensure that it is being properly stored and accessed.
When did the College of Engineering implement the Spirion Data Security Software?
ETS has been actively deploying Spirion IDF since Spring Quarter of 2017.
Who can I speak with regarding concerns I have with this phase of OSU’s DLP implementation?
Questions, comments and concerns can be addressed to the Engineering Technology Staff via the ETS Service Desk Portal or by email to firstname.lastname@example.org . We will do our best to ensure that your question, comment or concern is addressed in a timely manner.
What are my responsibilities?
As a College of Engineering faculty, staff, student or affiliate you have a responsibility to ensure that data you handle is stored and accessed in accordance with Ohio State University IT Security Standards Policy: https://ocio.osu.edu/policy/standards/security. If you are aware of – or become aware of – restricted data residing on systems you use, it is your responsibility to take the appropriate measures to ensure that the handling and access of your data is in compliance with university policy.
Deployment, Discovery and Remediation
Spirion Identity Finder works by scanning computers for restricted data. In the past, the software alerted ETS staff to the presence of restricted data that appeared to be improperly stored. When that occurred, ETS worked with departmental IT staff to delete the data or move it to systems compliant with the OSU ISCR.
ETS is currently in the process of deploying an updated version of Spirion Identity Finder to all College of Engineering computer systems. As part of this upgrade, an interactive feature of the software is being implemented. The interactive feature will alert the user (You!) to the presence of restricted data, and give you the option to shred (ie permanently delete) the data.
How it works:
Spirion Identity Finder will scan your computer on a predetermined schedule. When the scan begins, you will see a notification near your taskbar:
Once the search has completed, you will see a second message:
Additionally, a box will appear with some options, including “Wizard”:
Clicking on “Wizard” will take you to the search results:
If you choose Ignore, those results will not appear in future searches.
When you are finished, File -> Exit will close the application.
Spirion Identity Finder Software (General Information)
About Spirion Identity Finder
Spirion Identity Finder is software capable of scanning file systems in order to find sensitive data such as:
- Social Security Numbers
- Credit Card Numbers
- Bank Account Numbers
- Driver’s License Numbers
- Passport Numbers
- Additional Data Types
Identity finder will...
- Scan all files
- Generate reports which can be viewed by Identity Finder administrators
Identity finder will NOT...
- Copy files
- Alter data
Scanning your own system using Spirion Identity Finder
To scan your own system using Spirion Identity finder, simply launch the program from your computer. Create a password to create a search profile, or, select "Skip" to search without saving your search preferences.
Detailed information and additional help can be found here:
If you need assistance, please contact Engineering Technology Services:
Phone: (614) 688-2828
Service web portal: http://go.osu.edu/ets
Service Desk Location: 1012 Smith Lab
Business Hours: M-F 7:00 A.M.-5:00 P.M.