Educause Security Discussion mailing list archives
Re: Security of Research Data
From: "Sadler, Connie" <Connie_Sadler () BROWN EDU>
Date: Mon, 11 Sep 2006 13:42:29 -0400
We use "public", "regulated" and anything else is "confidential". It's not perfect, but it seems to be working so far, even tho regulated data is automatically also confidential. We think it is important for individuals who generate or manage or have access to regulated data to know it - and also that they know what they are expected to do to comply. Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC IT Security Officer Brown University Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu Office: 401-863-7266 -----Original Message----- From: Delaney, Cherry L. [mailto:cdelaney () PURDUE EDU] Sent: Wednesday, September 06, 2006 8:49 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Security of Research Data We use Public, Sensitive and Restricted as our categories and they are well defined. Cherry -----Original Message----- From: Howell, Paul [mailto:grue () UMICH EDU] Sent: Tuesday, September 05, 2006 9:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Security of Research Data Does your campus community intuitively understand the labels "Confidential, Sensitive and Public", and what research (or other) data fit into each category? We've been using similar labels for a few years and still encounter difficulties communicating the security around terms such as "Confidential" & "Sensitive". A common question is which one is higher? We reverse the order here, "Sensitive, then Private/Confidential, then Public", for example. I wish that there were generally recognized labels that we could all use and that were intuitive to the community. < paul
-----Original Message----- From: Steve Brukbacher [mailto:sab2 () UWM EDU] Sent: Friday, September 01, 2006 6:31 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Security of Research Data We're encouraging people to think in terms of data classification, regardless of whether it is research data or HR data or any other source. We have a high-level information security policy pending approval. Underneath that will be a data classification policy, system
config guidelines, etc. In our proposed data classification guidelines, we state that research
data should be considered sensitive data if it does not fall in to the
higher category of confidential (based on a 3-tiered classification scheme, (Confidential, Sensitive and Public). We've also implemented a file share program, Xythos to allow researchers to share information in a manner that is safer than sending thing in email attachments or opening up an FTP port on a departmental machine or email an unencrypted CD through the mail. It allows users granular control over what UWM users can access what folders/files and
related permissions. It also allows for the creation of tickets or web links to documents. While this gives whoever knows the link access to the file, it can also be password protected. As you might imagine, good user training will be key here. We're working on developing requirements for laptop encryption apps (preferably whole hard drive) as well and hope to have something available to our users in the near future. We've seen an increase in the number of research programs going mobile, so we are responding to that increased risk. -- Steve Brukbacher, CISSP University of Wisconsin Milwaukee Information Security Coordinator UWM Computer Security Web Site www.security.uwm.edu Phone: 414.229.2224 Crawford, Tim M. wrote:I'm curious to know what strategies others use to addressresearch data.Is this something that you're addressing today? If so, how do you identify and protect accordingly? Regards, Tim ______________________________________ /Tim M. Crawford/ /Associate Director, IT Operations/ /Stanford Graduate School of Business/ /650.724.2447/ /tcrawford () gsb stanford edu/<blocked::mailto:tcrawford () gsb stanford edu>
Current thread:
- Security of Research Data Crawford, Tim M. (Aug 31)
- <Possible follow-ups>
- Re: Security of Research Data Jim Dillon (Sep 01)
- Re: Security of Research Data Steve Brukbacher (Sep 01)
- Re: Security of Research Data Howell, Paul (Sep 05)
- Re: Security of Research Data Brad Judy (Sep 05)
- Re: Security of Research Data William Custer (Sep 05)
- Re: Security of Research Data Jim Dillon (Sep 05)
- Re: Security of Research Data Delaney, Cherry L. (Sep 06)
- Re: Security of Research Data Sadler, Connie (Sep 11)
- Re: Security of Research Data Howell, Paul (Sep 12)
- Re: Security of Research Data Tracy Mitrano (Sep 12)
- Re: Security of Research Data Crawford, Tim M. (Sep 12)
- Re: Security of Research Data Howell, Paul (Sep 13)
- Re: Security of Research Data Tracy Mitrano (Sep 13)
- Re: Security of Research Data Tracy Mitrano (Sep 13)
- Re: Security of Research Data Crawford, Tim M. (Sep 13)
- Re: Security of Research Data Joseph Clark (Sep 14)
- Re: Security of Research Data Basgen, Brian (Sep 15)
- Re: Security of Research Data Tom Siu (Sep 18)