Kaizenlog

—————————————+
| How Do You Deal With Sensitive Data?                               |
|   from the just-turn-off-db-access-for-everyone dept.              |
|   posted by ScuttleMonkey on Monday July 28, @18:32 (Security)     |
|   http://ask.slashdot.org/article.pl?sid=08/07/28/2149240 |
+——————————————————————–+

imus writes “Just wondering how most IT shops secure sensitive data
(customer records). Most centrally managed databases seem to be monitored
and maintained very well and IT workers know when they are tampered with
or when unauthorized access occurs. But what about employees who do
legitimate selects from these databases and then load CSV files and other
text files onto their laptops and PDAs? How are companies dealing with
situations where the database is relatively secure, but end-use devices
contain bits and pieces of sensitive business data, and sometimes whole
segments? Does anyone use sensitive data discovery software such as
[0]Find_SSNs or [1]Senf or other tools? Once found, how do you deal with
it? Do you force encryption, delete it or prevent extracts?”

Discuss this story at:
http://ask.slashdot.org/comments.pl?sid=08/07/28/2149240

Links:
0. http://filebox.vt.edu/users/rtilley/public/find_ssns/
1. https://source.its.utexas.edu/groups/its-iso/projects/senf/