Sensitive Information Remediation Project


Why are we doing the Sensitive Information Remediation (SIR) Project?

In a 2011 University-wide assessment of risk, sensitive information was found to be “nearly ubiquitous”

  • Sensitive information (SI) is often stored on desktop computers and central shared storage
  • Copies of the same sensitive file are often found on multiple systems
  • Sensitive information tends to migrate with users when they are assigned a new computer or their roles change within the organization
  • Older, sensitive information is seldom securely deleted

What are the project's goals?

    • Seek and identify sensitive, University-owned information using Identity Finder
      • ITS has licensed a file scanning application, Identity Finder, for all faculty, staff and any students who may have SI
      • Phase I will scan for: Social Security numbers, passport numbers and credit card numbers.
      • Later phases may include scanning for additional identifiers. Upon departmental leader request, the ITS technical team will help a department organize a scan for additional identifiers.
    • Remediate sensitive information
      • Delete the document containing sensitive information if it is not needed (using Identity Finder)
      • If the document is needed, remove only sensitive fields (e.g., replace 123-45-6789 with xxx-xx-xxxx) (using Identity Finder)
      • If retention of the sensitive information is required, store the SI safely on professionally managed, central file storage that meets the requirements of the System Administration Initiative (SAI). When essential for intensive local use, the SI may be stored on workstations or laptops that meet the required, enhanced security standards (please see page 18 of the Information Security Policy).
    • Manage sensitive information into the future
      • Appropriately classify information regarding whether it is sensitive
      • Store safely on SAI-approved file server
      • Review regularly according to retention schedule approved by appropriate data steward

What is the scope of the project?

  • Remediate sensitive information on all faculty and staff computers, even those that are encrypted
    • Encryption protects sensitive information on equipment that is lost or stolen while shut down. When an encrypted computer is running, the files are at risk of exposure from intrusions.
  • Remediate sensitive information on select student computers (i.e., students who likely have sensitive, University-owned information on their computers)
  • University-owned shared and individual storage running MS Windows or Mac OS X, or searchable from an Identity Finder client installed on those operation systems
  • University-owned servers running Microsoft Windows
  • For computers, servers or storage space within the scope of this project, there are two primary tasks:
    • Perform the scan
    • Review the resulting match list and resolve flagged entries
      • Dismiss false positives
      • Remediate true positives through file deletion, removing only the sensitive information from the file, or storing the file with SI on a SAI- approved file server
  • Time spent scanning and remediating the information will vary based on the amount of data and the amount of sensitive information identified during the scan. For example, a scan can take from 1 hour to more than 8 hours. Remediation of the match list may take a few minutes or a few hours.

What is the proposed timeline for the activity?

  • ITS will complete scans and remediation of ITS’s own desktops, laptops, space and AFS space by June 1, 2014.
  • The ITS Information Security Office began working with Project SIR early adopter participants in March 2014. Those departments include: Finance and Administration, Human Resources, University Development, School of Social Work, and selected departments in the College of Arts and Sciences.
  • Other campus units may begin scanning in Spring 2014. Units are encouraged to scan high-risk areas first. The ITS Information Security Office can assist in identifying potential high-risk areas.
  • ITS will provide the following support:
    • Tools to scan and identify sensitive data
    • Documentation and Frequently Asked Questions (FAQs)
    • Project plans and lessons learned from ITS’s experience
    • Additional consultation and guidance as requested
  • Units will manage their own scanning timeline and schedule
  • Data stewards will be asked to attest to remediation of data under their oversight. (Data stewards are individuals responsible for the oversight of information in their areas.)
    • Options include:
      • Attestation by individuals for information under their control (e.g., their assigned computers)
      • Attestation by unit leads (chairs, directors, deans) for all the unit’s data
      • A hybrid approach based on specific unit organizational structures
  • Project SIR currently has a goal of remediating 90% of University-owned laptops and desktops, as well as departmental, individual, and shared file storage space (e.g. by April 2015.


Identity Finder Frequently Asked Questions

End User Help Documents

ResNet Wireless Upgrade

ITS and UNC Housing and Residential Education are joining forces and resources, with the assistance of one-time funding support from within the University, and engagement of the Residence Hall Association, for the purpose of providing pervasive wi-fi/wireless coverage within all on-campus University residence halls. Continue reading

Neutral Hosting/Distributed Antenna System (DAS)

The Neutral Hosting/DAS initiative is a multi-year project, funded by the DAS licensees (“consortium”), to provide reliable outdoor and indoor cellular coverage and capacity across the UNC campus.  This unique approach provides a common (shared) transport infrastructure for all cellular carriers in addition to providing enhanced in-building coverage for UNC Public Safety’s two-way radio system.  Due to the complexity of system design, construction coordination and approval requirements, the DAS is being deployed in three phases over the next few years. Continue reading

Voice over Internet Protocol (VoIP)

Over the course of the next two years, Information Technology Services Communication Technologies is replacing the legacy AT&T Centrex phone service with a new, hosted, Voice over Internet Protocol (VoIP) system from Verizon Business – Verizon Business Hosted IP Centrex (HIPC).  In addition to realizing cost savings for the University, this new technology brings new phones and the capability to move phones without direct coordination with an outside vendor. Continue reading

Classroom Wi-Fi Initiative

During this past spring and summer, ITS Comm Tech and Teaching and Learning undertook an initiative to install pervasive wi-fi coverage in all General Purpose Classrooms on campus. The IT representatives of the professional schools were also asked for their top priorities for classroom wireless and coverage was added in many of those areas as well.  Over 230 new wireless access points were installed to make this happen. Continue reading

Secure NAS

ITS is developing a new secure storage solution.  The service model is being developed through collaboration with the IT Executive Council (ITEC) and the IT Infrastructure Steering Committee.  The solution is designed to store sensitive data as defined in the UNC Information Security Policy.  User access to the service will be through the CIFS protocol.  Windows customers will map a drive to \\\depts\department.  Mac and Samba clients will connect via their native functionality.  Continue reading

About HeelMail

HeelMail is the student e-mail system at the University of North Carolina at Chapel Hill. It is powered by Microsoft’s Live@edu platform. Advantages of using HeelMail include collaboration tools, a calendar and integration with the ITS-managed Exchange e-mail system for faculty and staff. Continue reading

Microsoft Exchange at UNC-Chapel Hill

Latest News

Exchange Quota Extension Service

Given the need expressed by some campus Exchange users to have more e-mail storage than the current 2 GB quota, ITS now offers a for-fee service that supplements the default quota and provides increased storage. . . . Read More

Exchange migration updates

UNC-Chapel Hill is entering the final phase of the transition to a centrally supported campus Exchange service.

We strongly encourage units and/or users to complete their transition to Exchange as soon as possible and no later than Friday, September 16 . A mandatory transition begins on Sunday, September 18. Please be aware that any e-mail or business processes reliant on the IMAP service will not function after the mandatory transition period.

Continue reading