Data Loss Protection Software Implemented at HSPH

The fourth item in Harvard University’s Information Security Mandate “Finding High Risk Confidential Information (HRCI),” requires that each School must ensure that all University-owned computers and servers are annually scanned to locate High Risk Confidential Information (HRCI).

In response to this University mandate and over the next few weeks, the HSPH Department of Information Technology will begin deploying a new security product called Data Loss Prevention (DLP), from McAfee.  This product will be used to scan all HSPH-owned PC’s and servers for HRCI annually. Once the automated scan of your computer is completed, each user will receive an email from the DLP system, listing any files which meet the preset patterns for HRCI, such as social security numbers. The user is then responsible for investigating and remediating the information as necessary.

As a reminder to everyone, the Harvard Enterprise Information Security Policy states that no High Risk Confidential Information may be stored on any PC, laptop or other portable media, and approval must be obtained from the University and school Security officers  prior to storing any HRCI data on a secure server.

The University’s complete Information Security policy can be found at: http://www.security.harvard.edu/
Note: this offering is for PCs only, Macs are not targeted at this time.

For questions or assistance with this policy, please contact Andy Ross, HSPH Security Manager at 617-432-1279 or aross@hsph.harvard.edu.