NC State’s Sensitive Information Identification Remediation (SIIR) program is a campus security initiative to identify and resolve instances of sensitive university data inappropriately stored on campus or in cloud-based systems. The Office of Information Technology, in collaboration with university data stewards and other stakeholders, uses a combination of automated tools and other techniques to locate sensitive data such as:
- Social Security numbers
- credit card data covered under the Payment Card Industry Data Security Standard (PCI-DSS)
- bank account information
- protected health information under HIPAA regulations
- sensitive research data
- other sensitive data (see Tables of Data Elements at Determining Sensitivity Levels for Shared Data).
SIIR program benefits
- Reduced instances of costly data breaches or exposure
- Increased compliance with university policies and state, federal, and contractual requirements
- Timely identification and correction of accidental insecure storage of sensitive data
Currently, Identity Finder is the primary scanning tool utilized as part of SIIR. In the initial rollout of Identity Finder, scans will be limited to the identification of Payment Card Industry (PCI) data and Social Security numbers.
- Scan schedule
OIT Security and Compliance will run weekly scans at random intervals Tuesday through Thursday. There should be little impact to system performance while the scan is running in the background. OIT will manage the results centrally and will contact you or your local IT support if sensitive data is identified.
- Scan time
The length of time to complete a scan depends on the amount of data being searched and the performance of your computer.
- Computer performance
The initial scan may take some time, depending on the size of your hard drive and the power of your computer. Subsequent scans are generally faster and do not affect system performance. If you experience significant slugginess, please contact the NC State Help Desk at 919.515.4357 (HELP) or email@example.com.
- Identity Finder for managed workstations
Managed workstations will receive the Identity Finder software via their deployment service, with established policies and schedules. There is no interaction required on the user’s part to run the application. If sensitive data is discovered, a member of the OIT Security and Compliance staff will notify and assist you with data remediation.
- Identity Finder for non-managed desktops/laptops
To download Identity Finder for non-managed Windows and Macintosh desktops and laptops, visit Software Licensing.
Please report any issues or questions to the NC State Help Desk at 919.515.4357 (HELP) or firstname.lastname@example.org.