Overview

Security Categorization (RA-2) requirements for systems that store or process critical or confidential data include 1) use of file encryption or whole-disk encryption software and 2) appropriate use of data loss prevention (DLP) software provided and managed by the Office of the CISO. Currently, the DLP solution provided by the Division of IT is Spirion Sensitive Data Manager.

Effective use of Data Loss Prevention software requires recognizing that endpoints and servers operate with different usage profiles and characteristics. This type of active monitoring tool may be appropriate in some scenarios (i.e., standard workstations with a compute load consisting primarily of business-class software), but might be inappropriate in other scenarios (i.e., research workstations with heavy computational or I/O loads or servers that need to support multiple client connections with a high degree of reliability).

Contact Information

Request

Information technology professionals may contact security@tamu.edu to request departmental access to the console, obtain the Spirion software, or ask any questions.

Request This Service

Service Details

Scheduled Scanning

By default, the Spirion agent will operate in a passive mode, with a weekly scheduled scan for sensitive information. This cadence can be adjusted as appropriate by each unit.

Active Monitoring

When critical or confidential information is found, procedures will be followed to remove, encrypt or secure the data. Alternatively, the data can be classified and tagged. Classified and tagged data will be actively monitored for inappropriate access.

Client-Server Model

In certain circumstances, servers that are used exclusively in a client-server mode, and which do not allow for interactive user sessions, may not need to have the Spirion agent installed if the information resource owner can establish that an active DLP agent has been installed on all endpoints connecting to the server.

Was this page helpful?