Educause Security Discussion mailing list archives
Re: Chapel Hill researcher demoted after security breach
From: Martin Manjak <mm376 () ALBANY EDU>
Date: Fri, 8 Oct 2010 14:45:18 -0400
Just over a year ago, I was asked to become a member of our institution's IRB. This was a development that became obvious to our IRB director, my boss, and me, as more and more PIs were coming to me to vouch that they had information security controls in place to satisfy the requirements of the various government offices that were feeding them the research data. Since then, I have participated in exempt, expedited, and full reviews of research proposals. So far, this arrangement has proven to be a beneficial one for my office, the IRB, and individual researchers. I would encourage other information security functions to foster good relationships with the dedicated IRB staff and make yourself available as a resource for those PIs who are must certify that they have adequate protections in place when signing off on their agreements with the data providers/owners. On 10/7/2010 7:38 PM, Plesco, Todd wrote:
I couldn't really offer an educated opinion without knowing more details of the research grant itself and the actions leading up to the Provost's comments. It seems that with an IRB's involvement, there should have been a Compliance or Privacy Officer's involvement somewhere in that IRB panel or on the sidelines... Todd A. Plesco CISM, CBCP Chapman University, Director of Information Security One University Drive, Orange, CA 92866 Phone: (714) 997-6726/Fax: (714) 744-7041 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nicole Kegler Sent: Thursday, October 07, 2010 11:47 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Chapel Hill researcher demoted after security breach Has anyone been keeping up with this story about the Chapel Hill researcher who was demoted after her server, which contained PII, was hacked? http://chronicle.com/article/Chapel-Hill-Researcher-Fights/124821/?key=SmN7cgVsO3RHZ3pqYjgRMDwBP3xsYhh7YHVJOXB6bl9TGQ%3D%3D I would be interested in hearing your thoughts about this, and what could have been done differently by the university.
-- Martin Manjak Information Security Officer University at Albany CISSP, GSEC, GCWN
Current thread:
- Chapel Hill researcher demoted after security breach Nicole Kegler (Oct 07)
- Re: Chapel Hill researcher demoted after security breach David Escalante (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Doty, Timothy T. (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Allen Barrett (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Gene Spafford (Oct 07)
- Re: Chapel Hill researcher demoted after security breach John Ladwig (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Doty, Timothy T. (Oct 07)
- Re: Chapel Hill researcher demoted after security breach David Escalante (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Plesco, Todd (Oct 07)
- Re: Chapel Hill researcher demoted after security breach Martin Manjak (Oct 08)
- Re: Chapel Hill researcher demoted after security breach Koerber, Jeff (Oct 21)
- <Possible follow-ups>
- Re: Chapel Hill researcher demoted after security breach Dennis Bohn (Oct 22)