×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Are there any "freeware" tools out there that can aid in locating instances within existing spool files where sensitive data may be exposed, such as credit card numbers (regardless of the amount of masking done to the 16 digits), social security numbers, customer account numbers, pay rates, etc.?
We (my current client) recently went through the process of obtaining approval for the removal of *SPLFDTA from QAUDLVL (it is a heavy hitter to the security journal receivers, after all) only to find that there are a few reports that a developer is aware of that show SS numbers and pay rates in the clear that probably should be monitored! We could always go the route of securing the output queues with authorization lists and whittling down our *SPLCTL special authority users as much as possible and then monitor those that remain more closely as a mitigating control, but I think all involved would rather know precisely where the sensitive data is exposed in the report generation and distribution process and fix (change) how it's handled. In fact, PCI compliance practically demands it.
I know of third-party tools like BCD's Catapult, that provides "the ability to automatically create unlimited search indexes based on content in the document such as PO number," but I'm sure that is based upon the fact that you know which fields are present in the documents being searched. It would take a LONG time to go through all of the output queues and their spool files manually in an attempt to find the sensitive fields...
Any experience with this kind of thing or ideas?
Best regards,
Steven W. Martinson, CISA, CISM, CISSP
Security Consultant
Cypress, Texas
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.