Division of Information Technology University of South Carolina Monthly News, updates, and tips from the SecureCarolina project team April 2015 Data Loss Prevention; An Early Success Three weeks have passed since the SecureCarolina suite of technologies was presented to network managers, system administrators, and project stakeholders. The Data Loss Prevention (DLP) agent has been successfully deployed to around 50% of the university’s devices. As outlined by the Data Loss Prevention (DLP) Scanning and Notification Schedule, the first scan came to a close on April 7th. The benefits are beginning to take shape! People often make claims like “I don’t have anything on my computer...”. Often, they are correct. But, sometimes users forget (or may have never known) what is/ was stored on a machine. During the first scan, 40% of the machines evaluated reported a DLP match. These files could include personal items that are stored on a university machine such as Federal and/or State Tax returns, Mortgage Forms, Passport Applications, EPMS forms, or other Pay-forPerformance documents. With the DLP tool in place (and in use), the University Information Security Office (UISO) makes the following initial recommendations: • Empty Recycle Bins (14% of identified matches live there) • Delete personal files from university-owned devices. CI • Remove and/or secure EPMS/PFP documents • Pay close attention to PDF and XLS files (these files are most likely to contain sensitive data) Module of the Month Last month, our team recommended users view the “Data Security” module on Securing the Human to brush up on information security knowledge prior to the SecureCarolina technology push in March. This month, our team has turned our sights toward whole disk encryption solutions. We recommend you do the same by taking a couple of minutes to watch the “Encryption” module. Encrypting your entire computer provides peace of mind that if that device is lost or stolen, the data it houses will remain protected. To log in, use your USC Columbia Network Username and password at https://usc.securingthehuman.org. If you experience any problems, contact the UTS Service Desk at (803) 777-1800. SecureCarolina Welcomes New Staff SecureCarolina is excited to introduce the newest member of our team, Jeremy Parrot. Jeremy brings 19 years of information security experience to the university. He has spent the past 8 years serving as the IT Security Assessments Team Lead for the University of Tennessee system. He brings an extensive set of skills to SecureCarolina in security consulting, risk and controls assessment, penetration testing, vulnerability management, and regulatory compliance. Mr. Parrot will primarily be assisting with compliance DLP training sessions are available to security liasons consultation, PCI & HIPAA assessment, assessments (as appointed by your OU), and scheduled to occur of systems & organizational units, and vulnerability through the end of May 2015. This training begins the process of gaining access to the DLP management console assessments. He maintains several professional by familiarizing participants with the definitions and certifications, including Certified Information Security workflow of DLP technology at the University of South Systems Professional (CISSP), and Certified HIPAA Carolina. To find out more, or to reserve a training spot, Professional. place a ServiceNow ticket to the UISO. www.sc.edu/securecarolina The University of South Carolina is an equal opportunity institution.