The Sensitive Information Identification Remediation (SIIR) program is a campus security initiative to identify and resolve instances of sensitive university data stored inappropriately on campus or in cloud-based systems. The Office of Information Technology (OIT), in collaboration with university data stewards and other stakeholders, uses a combination of automated tools and other techniques to locate sensitive data:
- Social security numbers
- Credit card data covered under the Payment Card Industry Data Security Standard (PCI DSS)
- Bank account information
- Health information protected under the Health Insurance Portability and Accountability Act (HIPAA) of 1996
- Sensitive research data
- Other sensitive data (per the Tables of Data Elements on the Determining Sensitivity Levels for Shared Data page).
SIIR Program Benefits
- Reduced instances of costly data breaches or exposure
- Increased compliance with university policies and state, federal, and contractual requirements
- Timely identification and correction of accidental insecure storage of sensitive data
Tools
Spirion
- Formerly named Identity Finder, Spirion is the primary tool for use with SIIR.
- Spirion is being used to scan and remediate sensitive information on university-owned machines and data stores.
- The names Identity Finder and Spirion are used interchangeably on the company website and also at NC State.
Scanning Focus
- PCI data (primary focus)
- Credit card numbers
- Social security numbers
Scanning Schedule
- OIT Security and Compliance (OIT S&C) plans to run quarterly host scans at random intervals during a Tuesday through Thursday window.
- Scans will run in the background with a slight impact on system performance.
- OIT S&C will manage the results centrally, and if sensitive data is identified, OIT S&C contact the user or local IT support staff.
- Scans are scheduled for the following dates in 2020:
- February 11
- May 12
- August 11
- November 10
Scanning Duration
- The length of time to complete a scan depends on the amount of data being searched and the scanned computer’s performance.
- Depending on the hard drive size and the power of the computer being scanned, the initial scan may take a significant amount of time.
- Subsequent scans are generally faster and do not impact system performance.
Computer Performance during Scanning
If you experience significant sluggishness, please contact the NC State Help Desk at 919.515.4357 (HELP)
Spirion Deployment
OIT S&C requires that Spirion data security software be deployed by Monday, Nov. 27, 2017 on all university-owned devices that run Windows or macOS and are managed by WolfTech Active Directory/SCCM or Jamf Pro. This includes servers, desktops, and laptops.
For Managed Workstations
- Managed workstations receive Spirion software during deployment service per established policies and schedules.
- No action is required by the user to run the application.
- If sensitive data is discovered, OIT S&C will notify and assist the user with data remediation.
For Non-managed Desktops and Laptops
To download Spirion for non-managed Windows and Macintosh desktops and laptops, visit Software Licensing.
Exception Requests
In the event a university-owned system requires an exemption from Spirion installation, the department must complete an IT Exception Request with proper justification for the exemption review. Once OIT S&C reviews and approves the request, the system will be placed in the appropriate exception group.
Availability
- Spirion is available in Jamf Pro, SCCM and Software Licensing.
- NOTE: This is a new package. Please replace the current deployment with this new version.
Additional Information
Visit the Spirion website: Links to User Guides, Documentation, and Feedback
Help
Please report any issues or questions to the NC State Help Desk at 919.515.4357 (HELP)