{"id":3273,"date":"2014-03-25T16:36:34","date_gmt":"2014-03-25T20:36:34","guid":{"rendered":"http:\/\/sites.scranton.edu\/tag\/?p=3273"},"modified":"2014-07-03T10:27:39","modified_gmt":"2014-07-03T14:27:39","slug":"identity-finder-faq-for-faculty","status":"publish","type":"post","link":"https:\/\/sites.scranton.edu\/tag\/2014\/03\/25\/identity-finder-faq-for-faculty\/","title":{"rendered":"Identity Finder FAQ for Faculty"},"content":{"rendered":"<p><em>[Note: Significant updates made on 2014-05-13, 2014-05-07, and 2014-04-24. Updates on scheduling and encryption on 2014-07-02.]<\/em><\/p>\n<p>Back in <a href=\"http:\/\/sites.scranton.edu\/tag\/2013\/04\/03\/tag-meeting-2013-04-03\/\" target=\"_blank\">April 2013<\/a>, IT Services Director Jim Franceschelli and Information Security Director Adam Edwards came to TAG with a\u00a0<a href=\"http:\/\/sites.scranton.edu\/tag\/files\/2013\/04\/IdentityFinderImplementationProposal.pdf\">proposal<\/a>\u00a0to automate Identity Finder scans on faculty desktop computers. In June 2013, the\u00a0<span class=\"Apple-style-span\" style=\"color: #222222\">President\u2019s Cabinet approved the use of automated scans with Identity Finder on University-owned desktops as part of an overall Information Security Data Loss Prevention program. Then-CIO Jerry DeSanto sent an email announcement about the program to all faculty and staff on June 21, 2013, projecting implementation in December 2013.<br \/>\n<\/span><\/p>\n<p>Since then, <a href=\"http:\/\/www.scranton.edu\/pir\/information-security\/index.shtml\" target=\"_blank\">Information Security<\/a> has been working with TAG to pilot test the scans and try to smooth the process as much as possible for faculty. Automated scans have already started for staff, and Information Security would like to move forward with implementation for faculty machines. Currently, automated scans are scheduled to begin on <strong>August 1, 2014<\/strong>. Here&#8217;s what faculty need to know:<\/p>\n<p><strong>Why is the University doing this?<\/strong><\/p>\n<ul>\n<li>Data security is <a href=\"https:\/\/chronicle.com\/article\/Data-Breaches-Put-a-Dent-in\/145341\/\" target=\"_blank\">serious business\u00a0for higher ed<\/a> &#8212; we have ethical, legal, and financial obligations to protect the personally identifiable information that we have collected from students, faculty, staff, human subjects, etc.<\/li>\n<li>If your computer or external media contracts a computer virus, is lost, stolen, or broken into over the network, files containing restricted information are at risk for theft.\u00a0This information can be used to steal not\u00a0only your money and identity, but also the money and identities of anyone else who\u00a0either shares your computer or whose restricted information you store.<\/li>\n<li>If you store restricted information for University work, the University would be obligated under state law to notify everyone affected by the breach and could potentially be legally liable.<\/li>\n<\/ul>\n<p><strong>Does this benefit me at all?<\/strong><\/p>\n<ul>\n<li>Identity Finder can help you protect yourself &#8212; use it to search for sensitive, unprotected information on your computer and then take an action (Shred, Scrub, Secure, Quarantine, etc) to secure that information. (Personally, an Identity Finder scan I ran on my machine found old documents containing my SSN that I had stored unencrypted in Google Drive&#8230; not smart.)<\/li>\n<li>If your computer gets a virus, IT Services can clean and return it to you much more quickly and easily if they have a recent Identity Finder report for your machine.<\/li>\n<\/ul>\n<p><strong>What is Identity Finder?<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/www.scranton.edu\/pir\/its\/identityFinder.shtml\">Identity Finder<\/a>\u00a0is security\u00a0software that scans your (Windows) computer for sensitive, unsecured Personally Identifiable Information (PII) stored in unprotected files.<\/li>\n<li>If you\u00a0<a href=\"http:\/\/www.scranton.edu\/pir\/its\/idfinderImages\/Quick%20Guide.pdf\" target=\"_blank\">run a scan on your machine<\/a>, Identity Finder will give you a report showing what it found and where. It then gives you options to take action &#8211; you can shred the file, scrub (redact) information, secure the file, or move it to a quarantined location. You can also ignore false positives.<\/li>\n<li>It works by looking for patterns &#8211; for example, a nine-digit number in the pattern ###-##-#### would be picked up as a possible Social Security number. If it picks up something that looks like a Social Security number but isn&#8217;t (a false positive), you can tell it to Ignore that result.<\/li>\n<li>Identity Finder has been installed on all University Windows machines (via KBOX) since about 2009.<\/li>\n<\/ul>\n<p><strong>What kind of sensitive\/restricted information are we talking about?<\/strong><\/p>\n<ul>\n<li>Restricted information is any piece of information which can potentially be used to\u00a0uniquely identify, contact, or locate a single person.\u00a0Restricted information is generally\u00a0regulated by law or contract and often used for financial, medical, or research\u00a0identification. (See the\u00a0<a href=\"https:\/\/royaldrive.scranton.edu\/Groups\/Planningandinformationsystems\/PAIRO\/Governance\/Policy%20Analysis\/Technology%20Policies\/Policies\/Information%20Classification\/Info%20Classification%20Policy%20Revised%20Final%20Oct%202013.pdf?ticket=t_hzRGsmFL\" target=\"_blank\">Information Classification Policy<\/a>\u00a0for additional info.)<\/li>\n<li>Identity Finder looks for most types of Personal Identifying Information:\n<ul>\n<li>Bank Account Numbers<\/li>\n<li>Credit Card Numbers<\/li>\n<li>Dates of Birth<\/li>\n<li>Driver\u2019s Licenses<\/li>\n<li>Passwords<\/li>\n<li>Passport numbers<\/li>\n<li>Social Security Numbers<\/li>\n<\/ul>\n<\/li>\n<li>Identity Finder is <span style=\"text-decoration: underline\">NOT<\/span> looking for:\n<ul>\n<li>Email addresses<\/li>\n<li>Mother\u2019s maiden name<\/li>\n<li>Personal addresses<\/li>\n<li>Phone numbers<\/li>\n<li>United Kingdom National Heath Service Numbers, United Kingdom National Insurance Numbers,\u00a0Canada Social Insurance Numbers, Australia Tax File Numbers<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"line-height: 1.5em\">If you&#8217;d like to get a better understanding of what kind of information Identity Finder picks up, you can\u00a0<\/span><a style=\"line-height: 1.5em\" href=\"https:\/\/www.scranton.edu\/pir\/its\/idfinderImages\/Quick%2520Guide.pdf\" target=\"_blank\">run a non-scheduled Identity Finder scan<\/a><span style=\"line-height: 1.5em\">\u00a0on your machine whenever you&#8217;d like.<\/span><\/li>\n<\/ul>\n<p><strong>What are automated scans?\u00a0<\/strong><\/p>\n<ul>\n<li>Right now, Identity Finder only scans your machine when you tell it to.<\/li>\n<li>Information Security and IT Services plans to run weekly, automated Identity Finder scans (see the\u00a0<a href=\"http:\/\/sites.scranton.edu\/tag\/files\/2013\/04\/IdentityFinderImplementationProposal.pdf\" target=\"_blank\">proposal<\/a>\u00a0for details) on all University (Windows) computers.\u00a0The idea is that every Friday at noon, all University computers will automatically initiate an Identity Finder scan.<\/li>\n<\/ul>\n<p><strong>Where is Identity Finder looking? What folders\/locations are scanned?<\/strong><\/p>\n<ul>\n<li>Automated scans include:\n<ul>\n<li>Local filesystems (like your C: drive) and local registry<\/li>\n<li>Browsers<\/li>\n<li>Attached devices<\/li>\n<li>Email &#8212; \u00a0If you use a local email client (e.g. Outlook or Thunderbird), Identity Finder will scan through your mailboxes that are cached on your computer, however, if you mainly use OWA or other method through a browser, you don\u2019t have a local cached copy, and Identity Finder won\u2019t be able to scan it.<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"line-height: 1.5em\">Scans do <span style=\"text-decoration: underline\">not<\/span> include the R: drive or most other remote connections.<\/span><\/li>\n<li>If you&#8217;d like to get a better understanding of what the automated scans will include, you can\u00a0<a href=\"https:\/\/www.scranton.edu\/pir\/its\/idfinderImages\/Quick%2520Guide.pdf\" target=\"_blank\">run a non-scheduled Identity Finder scan<\/a>\u00a0on your machine whenever you&#8217;d like.<\/li>\n<\/ul>\n<p><strong>What if I have sensitive\/restricted\/confidential information saved on my computer? \u00a0Like confidential human subject research data or client files?<\/strong><\/p>\n<ul>\n<li>ANY sensitive\/restricted\/confidential information that you are storing ANYWHERE should be encrypted! Without encryption, your data is\u00a0vulnerable to attack, misuse, and all sorts of other bad things.<\/li>\n<li><del>Information Security recommends using <a href=\"http:\/\/www.truecrypt.org\/downloads\" target=\"_blank\">TrueCrypt<\/a>\u00a0(which is free and open source) to encrypt your data.\u00a0Scott Finlon in Information Security wrote up some\u00a0<a href=\"http:\/\/sites.scranton.edu\/tag\/files\/2014\/03\/TAG-TrueCrypt-instructions.pdf\" target=\"_blank\">brief \u00a0instructions (PDF)<\/a>\u00a0for encrypting a folder of files using TrueCrypt. <\/del><span style=\"color: #ff0000\"><em>Update\u00a02014-07-02:<\/em> Support for TrueCrypt was discontinued in 2014-05, so Information Security now <a title=\"Encryption with 7-Zip \u2013 Instructions\" href=\"http:\/\/sites.scranton.edu\/tag\/2014\/07\/03\/encryption-with-7-zip-instructions\/\"><span style=\"color: #ff0000\">recommends using <strong>7Zip<\/strong><\/span><\/a> &#8211; see <a href=\"http:\/\/sites.scranton.edu\/tag\/files\/2014\/07\/7-Zip-Encryption-Instructions.docx\"><span style=\"color: #ff0000\">instructions (.docx)<\/span><\/a>.<\/span><\/li>\n<li>Information Security has been in <a href=\"http:\/\/sites.scranton.edu\/tag\/2013\/04\/14\/identity-finder-and-confidential-data\/\">ongoing conversations with the IRB<\/a> about ensuring confidentiality of human subject research data and client files. Members of the IRB had expressed concerns that Identity Finder scans would violate the confidentiality of human subject data. The good news is that data encryption resolves this concern &#8212; encryption protects sensitive data from Identity Finder scans as well as from external malicious attacks.<\/li>\n<li>Please contact\u00a0<a href=\"mailto:security@scranton.edu\" target=\"_blank\">Information Security<\/a>\u00a0if you have any questions about protecting confidential data.<\/li>\n<\/ul>\n<p><strong>How long do the scans take? Will this affect my computer or my work?<\/strong><\/p>\n<ul>\n<li>Identity Finder scans can take several hours if you have a large number of documents.<\/li>\n<li>Thankfully, Identity Finder uses a search history to keep track of what files do and do not have matches. Because of this, the initial scan is much slower than subsequent scans, as it has to scan your entire hard drive. Each subsequent scan will only look at new files, changed files, and files that previously reported matches.<\/li>\n<li>TAG members have been piloting automated scans since September 19, 2013. We ran our own scans first, and these often took quite a while. After the initial scan, however, subsequent automated scans have been speedy. So far, none of us have experienced any performance issues &#8211; the scans are essentially invisible to the user.<\/li>\n<\/ul>\n<p><strong>My computer went to sleep during the scan. What happens now?\u00a0Can Identity Finder wake my computer up to scan?<\/strong><\/p>\n<ul>\n<li>Identity Finder scheduled scans are set locally, so they will only be invoked while the computer is on and running &#8212; they can&#8217;t wake up your computer.<\/li>\n<\/ul>\n<p><strong>What if I&#8217;m not on campus on Fridays and my desktop machine is turned off? What if I&#8217;m not on campus on Fridays but am using my laptop?\u00a0<\/strong><\/p>\n<ul>\n<li>Automated scans are currently scheduled in batch for Fridays at noon.\u00a0They will run as long as your computer is turned on &#8211; whether or not you&#8217;re on campus (or on the University network).<\/li>\n<li>If you are offline, the scan will run as scheduled. The report will be sent to Information Security once you reconnect to a network.<\/li>\n<li>If your computer is turned off at 12pm on Friday (that is, if the scheduled scan is missed), it will begin with a randomized start time between 30 minutes and 120 minutes after the computer is back up and running.<\/li>\n<\/ul>\n<p><strong>What happens after the scan is done?<\/strong><\/p>\n<ul>\n<li>When the scan is done, Information Security will get a report from Identity Finder indicating the level of risk for that machine. The report includes the number of hits, but NOT the actual information that was marked as potentially sensitive &#8211; that is\u00a0redacted. The reports show only a masked version of a potentially problematic file and the location where it was found. Reports are only viewable by the Information Security Director (Adam Edwards) and the Information Security Engineer (Scott Finlon).<\/li>\n<li>Based off of these reports, Information Security then works one-on-one with users, recommending that users delete the files (if they&#8217;re no longer needed) or move them to a more secure, encrypted location. (Adam said that he is working with staff with the most risk first &#8212; e.g., people with 1,000 hits or more.)<\/li>\n<\/ul>\n<p><strong>What if I have a Mac or Linux machine?\u00a0<\/strong><\/p>\n<ul>\n<li>Automated Identity Finder scans will only run on Windows machines.<\/li>\n<\/ul>\n<p><strong>When is this happening?<\/strong><\/p>\n<ul>\n<li>Automated scans are scheduled to begin on University-provided faculty desktop machines on <strong>August 1, 2014<\/strong>. (Information Security Officer Adam Edwards sent out a notification to all faculty on May 28, 2014 and a reminder on June 30, 2014).<\/li>\n<li>Automated Identity Finder scans are already running on staff machines (and on TAG members&#8217; machines).<\/li>\n<\/ul>\n<p><strong>What should I do to prepare?<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/sites.scranton.edu\/tag\/files\/2014\/03\/TAG-TrueCrypt-instructions.pdf\" target=\"_blank\">Encrypt<\/a> your sensitive data! Information Security <a title=\"Encryption with 7-Zip \u2013 Instructions\" href=\"http:\/\/sites.scranton.edu\/tag\/2014\/07\/03\/encryption-with-7-zip-instructions\/\">recommends using <strong>7Zip<\/strong><\/a> &#8211; see <a href=\"http:\/\/sites.scranton.edu\/tag\/files\/2014\/07\/7-Zip-Encryption-Instructions.docx\">instructions (.docx)<\/a>.<\/li>\n<\/ul>\n<p><strong>Questions or concerns?<\/strong><\/p>\n<ul>\n<li>Faculty who have concerns or questions should contact Information Security at <a href=\"mailto:security@scranton.edu\" target=\"_blank\">security@scranton.edu<\/a> prior to the start date.<\/li>\n<li>You can contact a <a href=\"http:\/\/sites.scranton.edu\/tag\/home\/\" target=\"_blank\">TAG member<\/a> individually, email the group at <a href=\"mailto:tag-members@royallists.scranton.edu\">tag-members@royallists.scranton.edu,<\/a> or post to the <a href=\"http:\/\/sites.scranton.edu\/tag\/2010\/08\/23\/tag-discussion-list\/\" target=\"_blank\">TAG Discussion List<\/a>.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[Note: Significant updates made on 2014-05-13, 2014-05-07, and 2014-04-24. Updates on scheduling and encryption on 2014-07-02.] Back in April 2013, IT Services Director Jim Franceschelli and Information Security Director Adam Edwards came to TAG with a\u00a0proposal\u00a0to automate Identity Finder scans on faculty desktop computers. In June 2013, the\u00a0President\u2019s Cabinet approved the use of automated scans [&hellip;]<\/p>\n","protected":false},"author":80,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[485,494],"tags":[768,588,736,648,652,669],"class_list":["post-3273","post","type-post","status-publish","format-standard","hentry","category-announcements","category-security-2","tag-encryption","tag-identity-finder","tag-information-security","tag-pii","tag-privacy","tag-security"],"_links":{"self":[{"href":"https:\/\/sites.scranton.edu\/tag\/wp-json\/wp\/v2\/posts\/3273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sites.scranton.edu\/tag\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.scranton.edu\/tag\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.scranton.edu\/tag\/wp-json\/wp\/v2\/users\/80"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.scranton.edu\/tag\/wp-json\/wp\/v2\/comments?post=3273"}],"version-history":[{"count":37,"href":"https:\/\/sites.scranton.edu\/tag\/wp-json\/wp\/v2\/posts\/3273\/revisions"}],"predecessor-version":[{"id":3390,"href":"https:\/\/sites.scranton.edu\/tag\/wp-json\/wp\/v2\/posts\/3273\/revisions\/3390"}],"wp:attachment":[{"href":"https:\/\/sites.scranton.edu\/tag\/wp-json\/wp\/v2\/media?parent=3273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.scranton.edu\/tag\/wp-json\/wp\/v2\/categories?post=3273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.scranton.edu\/tag\/wp-json\/wp\/v2\/tags?post=3273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}