What is Identity Finder and why is it required...

To download software please click here to be re-directed to the software center:  https://softwarecenter.case.edu/
Please click on image below to load mandate letter from the University Provost. 
This letter was sent to all Deans, Vice Presidents and Vice Provosts.
History and Background:
ITS has been given the task of finding a means to identify and remove all old SSN-based files that exist unsecured and found on desktops, laptops, and even handheld devices, where they are at risk for disclosure.

During the summer of 2009, the Information Security Office has been experimenting with a software utility which finds SSNs, credit card numbers (CCNs), and other data file types on Windows and Mac based personal computers.  This project has now become a campus-wide initiative at the request of the University President and University Provost.

This project is a Top Priority of the ITS department, with the collaboration between the Project Management Office, Customer Services and Support, Server Engineering, Network Engineering and Information Security Group.

The Identity Finder application will meet some of the objectives for removing old SSN based data, and reducing our risk of data loss through theft, malware infections, and inadvertent online disclosure of sensitive (Restricted) data.

Identity Finder works like an anti-virus product.  The client software installs locally, and communicates logs to a management reporting console operated by the Information Security Office.  It scans local and external storage media (hard drives) for patterns that match SSNs, Credit Card Numbers, password files, and other potentially sensitive information that could lead to the risk of identity theft.  The users will then be given the option of shredding (preferred) old SSN data, or moving the data to a secured file vault for later shredding.  Of primary interest is the search for SSNs, with CCNs being of secondary interest.  The goal of this unit testing, and your participation, is to exercise the implementation to identify how the system reports, and to identify any support issues that may arise before a phased deployment across campus occurs.  Thanks in advance for your assistance!
Policy updates have been made and approved by the University.  Please note the following:

SSN USAGE POLICY FOUND IN TIER 3 CONTROLS POLICY: http://www.case.edu/its/security/docs/ssn_usage.html



C.2 As part of the University’s phased compliance strategy, the University shall be entitled to take all reasonable steps to assess whether existing and/or legacy administrative processes, systems and applications are in compliance with this policy and the Case Acceptable Use Policy.  Each individual subject to this policy has a responsibility to help with this assessment.  This responsibility includes these elements:

C.2.1 Identification of any older data containing SSNs that were used in administrative or academic processes.

C.2.2  Isolation and purge of any non-essential files containing SSN data.  Removal of these files shall be performed in a manner which eliminates the risk of disclosure or data loss.

C.2.3 Application of established security controls, known as Tier III Controls, to protect sensitive information such as SSN data when its preservation is warranted and sanctioned.

C.2.4 Mandatory reporting of security events, theft, or loss involving SSN data.

C.2.5  Providing notice to ITS when the individual needs assistance in determining whether they are in compliance with this policy, such as whether their legacy processes, systems, and applications still retain or store SSN.

Any individual violating this policy may be subject to disciplinary action in accordance with the applicable policy on Confidentiality (HR Policy I-12).

 Case Western Reserve University is providing a software utility, Identity Finder, to assist university faculty and staff to comply with this policy.