Educause Security Discussion mailing list archives

Re: Security of Research Data

From: Steve Brukbacher <sab2 () UWM EDU>
Date: Fri, 1 Sep 2006 17:31:03 -0500

We're encouraging people to think in terms of data classification,
regardless of whether it is research data or HR data or any other
source.  We have a high-level information security policy pending
approval. Underneath that will be a data classification policy, system
config guidelines, etc.

In our proposed data classification guidelines, we state that research
data should be considered sensitive data if it does not fall in to the
higher category of confidential (based on a 3-tiered classification
scheme, (Confidential, Sensitive and Public).

We've also implemented a file share program, Xythos to allow researchers
  to share information in a manner that is safer than sending thing in
email attachments or opening up an FTP port on a departmental machine or
email an unencrypted CD through the mail.  It allows users granular
control over what UWM users can access what folders/files and related
permissions.  It also allows for the creation of tickets or web links to
documents.  While this gives whoever knows the link access to the file,
it can also be password protected.  As you might imagine, good user
training will be key here.

We're working on developing requirements for laptop encryption apps
(preferably whole hard drive) as well and hope to have something
available to our users in the near future. We've seen an increase in the
number of research programs going mobile, so we are responding to that
increased risk.


--
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Coordinator
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224



Crawford, Tim M. wrote:

I'm curious to know what strategies others use to address research data.
Is this something that you're addressing today? If so, how do you
identify and protect accordingly?

Regards,

Tim

______________________________________
/Tim M. Crawford/
/Associate Director, IT Operations/
/Stanford Graduate School of Business/
/650.724.2447/
/tcrawford () gsb stanford edu/ <blocked::mailto:tcrawford () gsb stanford edu>

Current thread:

Security of Research Data Crawford, Tim M. (Aug 31)
- <Possible follow-ups>
- Re: Security of Research Data Jim Dillon (Sep 01)
- Re: Security of Research Data Steve Brukbacher (Sep 01)
- Re: Security of Research Data Howell, Paul (Sep 05)
- Re: Security of Research Data Brad Judy (Sep 05)
- Re: Security of Research Data William Custer (Sep 05)
- Re: Security of Research Data Jim Dillon (Sep 05)
- Re: Security of Research Data Delaney, Cherry L. (Sep 06)
- Re: Security of Research Data Sadler, Connie (Sep 11)
- Re: Security of Research Data Howell, Paul (Sep 12)
- Re: Security of Research Data Tracy Mitrano (Sep 12)
- Re: Security of Research Data Crawford, Tim M. (Sep 12)
- Re: Security of Research Data Howell, Paul (Sep 13)

(Thread continues...)