...
- https://it.cornell.edu/spirion
- Scan for Confidential Data: Windows:
- Scan for Confidential Data: Mac:
Issues
CIT's mistake forces runs of Spirion unexpectedly.
- What new measures taken to prevent repeat mistake? (Ex. What motivations led to action taken which resulted in the mistake being made?)
- Info from Roger, 2/6/2018: Doc (at CIT...) thinks the filter got dropped during the upgrade last Thursday morning.
==========================================
Sent: Monday, February 5, 2018 4:59 PM
To: AS_COMP_SUPT-L
Subject: Unexpected Spirion Scan
We got unexpected Sprion scans on some machines in Arts yesterday/today – this was due to a central issue, and we hope it doesn’t recur! Consider it an early vision of what’s coming…
(...)
From CIT:
There was an issue with a Filter-Tag this morning (or sometime this weekend…) which a Filter-Tag lost its “filter” and therefore acquired all endpoints as members. The Tag was associated with a policy for a scheduled scan, so some of you or your users may have noticed/reported a “random” scan kicking off this morning, because obviously you missed the deadline a month ago.
The issue has been resolved and the filter put back in place on the Tag.
==========================================
A&S's configurations
A&S docs for IT users:
- P009 Spirion (formerly Identity Finder) Automation (Web view)
- Roger states, 2/6/18: Other configuration details are documented in IT Admin notebook – which you can’t access. And Systems documents will be created along the way from the other sources.
Additionally, I've captured from Roger's emailed answers to me, from 2/6/2018:
- Our scan runs in *user* context, so can’t run without a user.
- Even a local user logged on works.
- Machine scans are possible.
- Frank has specified that we do user scans, which covers what needs doing most, without getting into complications of who can access what, when, etc.
- For missed Arts scans, catch-up scans are set to start in a range of after 2 hours, and before 6 hours of when the user logs on.
- Done this way so that it doesn’t start as soon as they are trying to start working.
CIT's information on data stewardship and related policies
- https://it.cornell.edu/security-and-policy/responsibilities-protect-university-data
- "You are responsible for Cornell data stored on computers you use. You are the custodian of that data. This is established in numerous Cornell policies", per link above.
- https://it.cornell.edu/policy
- https://it.cornell.edu/policy/policy-510-information-security
- Note: Policy 5.10 is concerned with confidential data that is under the custodianship of the university. An employee’s access to or handling of his or her own personal information is not at issue.
- https://it.cornell.edu/policy/policy-510-information-security
- https://it.cornell.edu/security-and-policy/consequences-mishandling-sensitive-data
Above page states: When sensitive data isn't managed appropriately, it poses many risks to Cornell. By law, possible loss to certain types of data requires Cornell to report to government agencies and notify potentially affected individuals. Responding to data losses (even possible losses) can easily consume hundreds of hours and is, as a result, an expensive activity. It can also significantly disrupt university business by involving many people from your department and other campus offices.
...
Information for Chemistry IT staff
Most current project information
Checking for installation
Windows (CM)
- Monitoring → Reporting → Reports → Software 02D - Computers with specific software installed
- This can be used for different software, but in this instance choose 'Spirion' and a collection (ex: AS-CHM-Dept-all)
- This gives a report of all Windows computers in Chemistry that have Spirion installed
Mac (Jamf)
- Easiest way to identify if a computer has Spirion installed is to search for the computer itself
- Inventory → Applications; if installed should be listed there. However, it does take a few days to update.
- For a list of computers with Spirion, if a search has not been created
- Press "+ New" to create a new Advanced Search
- Edit the criteria to be "Application Title - Spirion"
- Either save it or run it as is
Former project pages and info
...