(Formerly Identity Finder) Everyone dealing with university data is responsible for its proper handling, especially if it is sensitive data. Spirion is one tool which can assist you in your obligation to safe-guard sensitive data. This page contains information on using Spirion.
CIT's information on Spirion
- https://it.cornell.edu/spirion
- Scan for Confidential Data: Windows:
- Scan for Confidential Data: Mac:
Issues
CIT's mistake forces runs of Spirion unexpectedly.
- What new measures taken to prevent repeat mistake? (Ex. What motivations led to action taken which resulted in the mistake being made?)
==========================================
Sent: Monday, February 5, 2018 4:59 PM
To: AS_COMP_SUPT-L
Subject: Unexpected Spirion Scan
We got unexpected Sprion scans on some machines in Arts yesterday/today – this was due to a central issue, and we hope it doesn’t recur! Consider it an early vision of what’s coming…
(...)
From CIT:
There was an issue with a Filter-Tag this morning (or sometime this weekend…) which a Filter-Tag lost its “filter” and therefore acquired all endpoints as members. The Tag was associated with a policy for a scheduled scan, so some of you or your users may have noticed/reported a “random” scan kicking off this morning, because obviously you missed the deadline a month ago.
The issue has been resolved and the filter put back in place on the Tag.
==========================================
CIT's information on data stewardship and related policies
- https://it.cornell.edu/security-and-policy/responsibilities-protect-university-data
- "You are responsible for Cornell data stored on computers you use. You are the custodian of that data. This is established in numerous Cornell policies", per link above.
- https://it.cornell.edu/policy
- https://it.cornell.edu/policy/policy-510-information-security
- Note: Policy 5.10 is concerned with confidential data that is under the custodianship of the university. An employee’s access to or handling of his or her own personal information is not at issue.
- https://it.cornell.edu/policy/policy-510-information-security
- https://it.cornell.edu/security-and-policy/consequences-mishandling-sensitive-data
Above page states: When sensitive data isn't managed appropriately, it poses many risks to Cornell. By law, possible loss to certain types of data requires Cornell to report to government agencies and notify potentially affected individuals. Responding to data losses (even possible losses) can easily consume hundreds of hours and is, as a result, an expensive activity. It can also significantly disrupt university business by involving many people from your department and other campus offices.