Scanning Tool

Proventsure's Governance and Compliance Platform scanning tool is available to all Penn State departments. This client-server application scans systems for trojans, rootkits, SSNs, credit card numbers, bank account information, and other user-specified data. The results can be used to help identify security flaws that could have a significant impact on eDiscovery, regulatory compliance reporting, automated governance audits and assessments, information risk identification, end-user accountability, and retention auditing.

University-owned computers in University facilities will require a mandatory scan starting Fall 2008. Contact the IPAS team to schedule a scan after reviewing the FAQs below.

FAQs

  1. What is the purpose of the scan?
  2. What type of computers are required to be scanned?
  3. I can attest my computer is clean and free of sensitive information. Does my computer still need to be scanned?
  4. How does the software work?
  5. What is the scanning process from start to finish?
  6. Can we see the report from our computer?
  7. What does the scan report look like?
  8. Can the scanning tool tell the difference between student IDs and SSNs?
  9. Will this affect the performance of my computer?
  10. Will the scan expose personal information I have on my computer?
  11. What is the scanning interval?
  12. What information is sent to the IPAS Server?
  13. When should we start scanning?
  14. I am not an IT person, can I still scan my system before this process is initiated in my department?
  15. Is the scanning program an IPAS requirement?
  16. Is there a secure delete method for data removal?
  17. How does this benefit me?
  18. Do other educational institutions have a scanning program?

1. What is the purpose of the scan?
A. To protect you as an individual, as well as the data you work with. State and Federal regulations, as well as contractual agreements, impose strict storage and handling requirements. Visit the links of interest page for examples of current regulations and standards. If sensitive data is not handled in a protected and secure manner, fines can be levied and the University’s reputation could be seriously damaged.

2. What type of computers must be scanned?
A. In the early phases of scanning, University-owned computers in University facilities will need to be scanned.

3. I can attest my computer is clean and free of sensitive information. Does my computer still need to be scanned?
A. Yes. The scan protects you as an individual against personally accumulating costs and mitigates the overall risk.

4. How does the software work?
A. The software scans the files on your computer for strings that have been defined as possibly sensitive information. Much like a virus scan, it searches for strings of characters such as Social Security Numbers (SSNs) and credit card numbers. It also has the added benefit of detecting malicious code such as Trojan horse programs and rootkits.

5. What is the scanning process from start to finish?

  1. Proventsure's scanning client will be installed or will run from a USB key on the computer by departmental IT staff.
  2. An initial scan will be performed; future periodic scans may be scheduled.
  3. Upon scan completion, the report of file locations and any offending strings (programming code) will be sent to a central server maintained by IPAS staff.
  4. The report will then be evaluated by IPAS and your IT staff.
  5. Following the scan, the departmental IT staff will work with the individual involved in the situation to verify the existence of sensitive information and will explain the appropriate steps necessary to remove the data.

6. Can we see the report from our computer?
A. The report does not reside on your local computer. Your IT staff will have access to the report. If suspect files are detected, your IT staff will review the report with you.

7. What does the scan report look like? 
View the sample scan report.

8. Can the scanning tool tell the difference between student IDs and SSNs?
A: Yes, since SSNs never start with the number 9.

9. Will this affect the performance of my computer?
A. The scan may slow your computer a little while it runs, but the computer will still be usable. It is very similar to an anti-virus scan running in the background.

10. Will the scan expose personal information I have on my computer?
A. The scan will search for character "strings," such as the numerical pattern used in a Social Security Number or credit card, but will not expose the actual file contents.

11. What is the scanning interval?
A. The frequency of scanning has not yet been determined; however, mandatory scanning will begin in fall 2008. Scanning may begin earlier in sensitive areas.

12. What information is sent to the IPAS Server?
A. The Proventsure software creates a report of the file location and the detected string. This information is sent to the central IPAS scanning server. Unlike anti-virus software, it does NOT automatically delete files, nor does it send the entire file contents to IPAS in the report.
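
The pattern matching described in questions 4, 8 and 12, as an added Python example; it is not Proventsure's code or part of the original page. The regular expressions, the Luhn checksum used to filter card-shaped numbers, the function names and the sample text are assumptions made for illustration.

```python
import re
from pathlib import Path

# SSN-shaped strings: 3-2-4 digits, with or without dashes (assumed pattern).
SSN_RE = re.compile(r"(?<!\d)(\d{3})-?(\d{2})-?(\d{4})(?!\d)")
# Card-shaped strings: 13 to 16 digits, optionally split by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; an assumption here, used to cut card false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(location: str, text: str) -> list[tuple[str, str, str]]:
    """Return (file location, kind, detected string) rows, never whole contents."""
    rows = []
    for m in SSN_RE.finditer(text):
        # Rule stated in question 8: a leading 9 is a student ID, not an SSN.
        if m.group(1).startswith("9"):
            continue
        rows.append((location, "ssn", m.group(0)))
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group(0))):
            rows.append((location, "card", m.group(0)))
    return rows

def scan_tree(root: str) -> list[tuple[str, str, str]]:
    """Walk a directory and scan every regular file as text."""
    rows = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        try:
            rows.extend(scan_text(str(path), path.read_text(errors="ignore")))
        except OSError:
            continue  # unreadable file: skip it and keep scanning
    return rows

# Constructed sample text: one SSN-shaped value, one 9-prefixed ID,
# one common test card number, and one 16-digit string that fails Luhn.
SAMPLE = ("emp 078-05-1120, id 912-34-5678, "
          "card 4111 1111 1111 1111, ref 1234 5678 9012 3456")

if __name__ == "__main__":
    for row in scan_text("sample.txt", SAMPLE):
        print(row)
```

Each row holds only the location and the matched string, mirroring the report contents described in the answer to question 12.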

13. When should we start scanning?
A. Your department may start scanning as soon as it likes. Remember, scanning will be mandated in Fall 2008. Computers at high risk should be targeted first. Contact your local technical staff if you would like to get started now.

14. I am not an IT person, can I still scan my system before this process is initiated in my department?
A: Yes, Proventsure has a self-scanner tool that can be used by all staff and faculty.

15. Is the scanning program an IPAS requirement?
A: No. File scanning is a University-wide program that was developed to assure the privacy and security of critical information. The IPAS team is responsible for raising awareness and consulting with departments on best practices.

16. Is there a secure delete method for data removal?
A: Yes, there are several applications available to securely delete the data. Contact your local IT support for additional information.

17. How does this benefit me?
A. By ensuring that the computers you use do not contain sensitive data, you are less likely to be involved in a data breach remediation and/or University sanctions. As the theft of laptops and network-based intrusions continue to rise, there is a real need to protect sensitive information by improving your personal security environment. "Think globally, act locally."

18. Do other educational institutions have a scanning program?
A: Yes, just to name a few...

  • University of Pittsburgh (Pitt)
  • James Madison University (JMU)
  • Rochester Institute of Technology (RIT)
  • Louisiana State University (LSU)
  • University of Maryland Baltimore County (UMBC)
  • George Washington University (GW)
  • University of California - Berkeley
  • American University (AU)

Copyright 2007 The Pennsylvania State University