Monthly News, updates, and tips from the SecureCarolina project team April 2015

advertisement
Division of Information Technology
University of South Carolina
Monthly
News, updates, and tips from the SecureCarolina project team
April 2015
Data Loss Prevention; An Early Success
Three weeks have passed since the SecureCarolina suite
of technologies was presented to network managers, system
administrators, and project stakeholders. The Data Loss
Prevention (DLP) agent has been successfully deployed to
around 50% of the university’s devices. As outlined by the
Data Loss Prevention (DLP) Scanning and Notification
Schedule, the first scan came to a close on April 7th. The
benefits are beginning to take shape!
People often make claims like “I don’t have anything
on my computer...”. Often, they are correct. But,
sometimes users forget (or may have never known) what is/
was stored on a machine. During the first scan, 40% of
the machines evaluated reported a DLP match. These files
could include personal items that are stored on a university
machine such as Federal and/or State Tax returns, Mortgage
Forms, Passport Applications, EPMS forms, or other Pay-forPerformance documents.
With the DLP tool in place (and in use), the
University Information Security Office (UISO) makes the
following initial recommendations:
• Empty Recycle Bins
(14% of identified matches live there)
• Delete personal files from university-owned devices.
CI • Remove and/or secure EPMS/PFP documents
• Pay close attention to PDF and XLS files
(these files are most likely to contain sensitive data)
Module of the Month
Last month, our team
recommended users view the “Data
Security” module on Securing the
Human to brush up on information security knowledge
prior to the SecureCarolina technology push in March.
This month, our team has turned our sights toward
whole disk encryption solutions. We recommend you
do the same by taking a couple of minutes to watch the
“Encryption” module. Encrypting your entire computer
provides peace of mind that if that device is lost or stolen,
the data it houses will remain protected.
To log in, use your USC Columbia Network Username
and password at https://usc.securingthehuman.org. If you
experience any problems, contact the UTS Service Desk at
(803) 777-1800.
SecureCarolina Welcomes New Staff
SecureCarolina is excited to introduce the newest
member of our team, Jeremy Parrot. Jeremy brings 19 years
of information security experience to the university. He has
spent the past 8 years serving as the IT Security Assessments
Team Lead for the University of Tennessee system. He
brings an extensive set of skills to SecureCarolina in security
consulting, risk and controls assessment, penetration testing,
vulnerability management, and regulatory compliance.
Mr. Parrot will primarily be assisting with compliance
DLP training sessions are available to security liasons
consultation, PCI & HIPAA assessment, assessments
(as appointed by your OU), and scheduled to occur
of systems & organizational units, and vulnerability
through the end of May 2015. This training begins the
process of gaining access to the DLP management console
assessments. He maintains several professional
by familiarizing participants with the definitions and
certifications, including Certified Information Security
workflow of DLP technology at the University of South
Systems Professional (CISSP), and Certified HIPAA
Carolina. To find out more, or to reserve a training spot, Professional.
place a ServiceNow ticket to the UISO.
www.sc.edu/securecarolina
The University of South Carolina is an equal opportunity institution.
Download