Educause Security Discussion mailing list archives

Re: Security of Research Data

From: Jim Dillon <Jim.Dillon () CUSYS EDU>
Date: Fri, 1 Sep 2006 09:50:10 -0600

We are creating standards for Fiscal Responsibility much like one would
find in a SOX implementation and are requiring financial principals to
sign off throughout the university on their areas.  Similarly we are
creating new IT policies that make it clear that those implementing IT
systems will be held accountable for the protection and effectiveness of
those systems.  How this works out is yet to be seen, but rather than
hide this responsibility by simply assigning campus chancellors, we are
now carrying the message to the scores of principals that they can no
longer pretend the responsibility lies elsewhere.  Some services are
being deployed as well, but I expect there will continue to be a gap
between expectation and performance for some time, but by forcing
periodic assessments and signature affirmations we ought to at least be
creating a human cry around the gap areas that may lead to some new
funding priorities.
 
That's my interpretation of the process, not the way the U would
characterize it - Openness and Sox like Transparency would be the more
official motto.  If it is to work it will have to result in the
consequences I alluded to I think, but these are my opinions, not that
of the U.
 
There are a lot of uncomfortable financial principals I hear.  It will
be interesting to see how this works its way out and if there is the
institutional will to pursue openness and truthfulness in those
assertions of compliance and responsibility.
 
This of course includes grants and contract areas, aka research
principals/PIs and the like.
 
JD
 
 
*****************************************
Jim Dillon, CISA, CISSP
IT Audit Manager, CU Internal Audit
jim.dillon () cusys edu
303-492-9734
*****************************************
 
 
 

________________________________

From: Crawford, Tim M. [mailto:tcrawford () GSB STANFORD EDU] 
Sent: Thursday, August 31, 2006 4:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security of Research Data


I'm curious to know what strategies others use to address research data.
Is this something that you're addressing today? If so, how do you
identify and protect accordingly?
 
Regards,
 
Tim
 
______________________________________
Tim M. Crawford
Associate Director, IT Operations
Stanford Graduate School of Business
650.724.2447
tcrawford () gsb stanford edu <blocked::mailto:tcrawford () gsb stanford edu>

Current thread:

Security of Research Data Crawford, Tim M. (Aug 31)
- <Possible follow-ups>
- Re: Security of Research Data Jim Dillon (Sep 01)
- Re: Security of Research Data Steve Brukbacher (Sep 01)
- Re: Security of Research Data Howell, Paul (Sep 05)
- Re: Security of Research Data Brad Judy (Sep 05)
- Re: Security of Research Data William Custer (Sep 05)
- Re: Security of Research Data Jim Dillon (Sep 05)
- Re: Security of Research Data Delaney, Cherry L. (Sep 06)
- Re: Security of Research Data Sadler, Connie (Sep 11)
- Re: Security of Research Data Howell, Paul (Sep 12)
- Re: Security of Research Data Tracy Mitrano (Sep 12)
- Re: Security of Research Data Crawford, Tim M. (Sep 12)

(Thread continues...)