We are in the process of developing security policies and procedures. During this process we have identified certain types of data that we have classified as sensitive and cannot (by policy and law) be stored on non-secured workstations. We are certain that some workstations have "sensitive data" stored on them, due to a previous lack of policy preventing it. We have no idea where this data is nor in what format it is stored. We are certain that very few of the 5000 or so PCs are secured to the degree that this type of data requires. We are looking for a tool that can be used to scan all of the workstations for the types of data elements we have determined are sensitive and will report the findings. We can then move to either secure the workstation, and/or remove the offending data elements. Examples of the types of data we would be looking for are SSN, GPA and other data types as defined by HIPPA and FERPA.Does such a tool exist, and where can I get it?
For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Infrastructure and Network Security
Featured Topic: Security Policies
This was first published in May 2002