We are in the process of developing security policies and procedures. During this process we have identified certain...
types of data that we have classified as sensitive and cannot (by policy and law) be stored on non-secured workstations. We are certain that some workstations have "sensitive data" stored on them, due to a previous lack of policy preventing it. We have no idea where this data is nor in what format it is stored. We are certain that very few of the 5000 or so PCs are secured to the degree that this type of data requires. We are looking for a tool that can be used to scan all of the workstations for the types of data elements we have determined are sensitive and will report the findings. We can then move to either secure the workstation, and/or remove the offending data elements. Examples of the types of data we would be looking for are SSN, GPA and other data types as defined by HIPPA and FERPA.Does such a tool exist, and where can I get it?
One way you can go about this is get a network recorder or sniffer, such as those available from Niksun and Network Instruments. You can record all traffic going across your network, replay traffic, put packets together to identify content, etc. With this, you can identify the source and destination of what you deem sensitive information. If you have a Windows environment, you should be able to develop a login script that can search each system for questionable files that can later be reviewed more thoroughly.
For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Infrastructure and Network Security
Featured Topic: Security Policies
Dig Deeper on Information security policies, procedures and guidelines
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.