Data Discovery Scan

Data Discovery is used to detect and identify the storage of plaintext sensitive information such as Card Holder Data (CHD), Aadhaar card data (Indian citizens unique identification number) or any sensitive stored information within the scoped environment or the systems in the scope for the scan. It is an in-house & robust software, which is capable of scanning a large amount of flat file data and data stored in database systems.

QRC RSMA is an inhouse & robust software application that enables the user to scan servers, desktops, laptops or servers located in on-premise or cloud environment to perform the scan on file systems and users can also scan various database systems like MySQL, Cloud database systems etc. and database technologies.


Data Discovery Scan

Pre-engagement phase

Scope definition of the assessment to understand which type of assessment, i.e. Card Data Discovery or Aadhaar card data discovery and which systems should be in consideration for the assessment.

Data Discovery Scan

Initial Assessment process

Share the installation and execution manual along with the data discovery tool, assissting them setup the initial scan.

Data Discovery Scan

Inital Reporting

Share the identified directory locations along with the type of data, i.e., Card data or Aadhar data along with the masked identified number.

Data Discovery Scan

Confirmatory Assessment

After the reported plaintext data is deleted or stored securely via encryption techniques, the system is re-tested to validate the applied fix for the identified plaintext data.

Data Discovery Scan

Final Reporting

Based on the test results of the confirmatory assessment, a Pass/Fail report is issued.

Data Discovery Scan

Best scanning practices

Observe the best scanning practice period of 30 days, recommending that organizations should perform all scans and re-scans should be within 30 days.

frequently asked questions

The approximate time required for Data Discovery Scans is 3-4 Days and 1 Day for Reporting

A detailed report will be provided outlining the scope of the environment, which was tested, the methodology used, and a detailed explanation of the vulnerabilities detected along with a Proof of Concept (POC). The report will also cover detailed illustrative and possible recommendations to remediate the vulnerability.

Our team will share our proprietary QRC CDD tool. You will need to install and run the tool on the scope system. 

Related Updates

LinkedIn Facebook Twitter Youtube

We use cookies to enhance your user experience. By continuing to browse, you hereby agree to the use of cookies. Know more Privacy Policy & Cookies Policy.