Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security of Research Data

From: Tom Siu <thomas.siu () CASE EDU>
Date: Mon, 18 Sep 2006 10:18:01 -0400
My approach to data classification has been 3-tiered, much like Steve
at UWM.edu has in place, based on information impacts to (C)
onfidentiality, (I)ntegrity, und (A)vailability.

Tier 1:  Unrestricted;  C:low, I: moderate, A:low
Tier 2:  University Internal;  C:moderate, I: moderate to high,
A:moderate
Tier 3:   Restricted; C:high, I:moderate, A:moderate

I take extra lengths to avoid the use of taxonomy related to DoD or
Federal Government data classification (Confidential, Secret, Top-
Secret, SCI, tippy-topSecret, double secret probation,etc.) because
some research grants and proposals can be confused.  See the FIPS-199
(http://csrc/nist.gov/publications/fips/fips-199/FIPS-PUB-199-
final.pdf).

Some research data, based on the nature and proposed utility of the
information, can be categorized into each of the specific tiers.
Information that fits into the intellectual property, technolgy
transfer, human subjects research, is Tier 3, for example.

Regards,


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|||
   Tom Siu
   Chief Information Security Officer
   Case
   thomas.siu () case edu
   www.case.edu/its
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|||
Previous By Date Next
Previous By Thread Next

Current thread: