Educause Security Discussion mailing list archives
Re: Security of Research Data
From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Tue, 5 Sep 2006 08:21:00 -0600
Since Jim (my auditor) seems to follow me around these lists, I'll take this chance to follow him. :-)

One thing we're doing on our campus is having a discussion with the Human Research Committee (they oversee human subject research) on how human subject research data should fit into our data classification definitions and policies. I expect that most research campuses have something similar to our HRC, at least for human subject work. When it comes to human subject research data, I think it makes sense to see where it fits into existing policies for PII on your campus.

I'm also putting the topic of research espionage/theft in the campus IT threat model I'm developing. I have yet to dive into this topic much, but I expect it to be of concern to researchers in highly competitive fields and/or research in particular topics.

Of course, this is the tip of the iceberg when it comes to the topic of research data security, but I think those are the right places to start (critical issue of research that might include personal information and general threat modeling). I'm sure we'll get into other aspects of research security and I'm interested to see the responses from others.

Don't forget to check on the security requirements included in the grant(s) or agreements with funding sources. Some grants may have very specific security requirements to satisfy.

Brad Judy
IT Security Office
Information Technology Services
University of Colorado at Boulder

_____

From: Jim Dillon [mailto:Jim.Dillon () CUSYS EDU]
Sent: Friday, September 01, 2006 9:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security of Research Data

We are creating standards for Fiscal Responsibility much like one would find in a SOX implementation and are requiring financial principals to sign off throughout the university on their areas. Similarly we are creating new IT policies that make it clear that those implementing IT systems will be held accountable for the protection and effectiveness of those systems. How this works out is yet to be seen, but rather than hide this responsibility by simply assigning campus chancellors, we are now carrying the message to the scores of principals that they can no longer pretend the responsibility lies elsewhere.

Some services are being deployed as well, but I expect there will continue to be a gap between expectation and performance for some time, but by forcing periodic assessments and signature affirmations we ought to at least be creating a human cry around the gap areas that may lead to some new funding priorities.

That's my interpretation of the process, not the way the U would characterize it - Openness and Sox like Transparency would be the more official motto. If it is to work it will have to result in the consequences I alluded to I think, but these are my opinions, not that of the U. There are a lot of uncomfortable financial principals I hear. It will be interesting to see how this works its way out and if there is the institutional will to pursue openness and truthfulness in those assertions of compliance and responsibility.

This of course includes grants and contract areas, aka research principals/PIs and the like.

JD

*****************************************
Jim Dillon, CISA, CISSP
IT Audit Manager, CU Internal Audit
jim.dillon () cusys edu
303-492-9734
*****************************************

_____

From: Crawford, Tim M. [mailto:tcrawford () GSB STANFORD EDU]
Sent: Thursday, August 31, 2006 4:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security of Research Data

I'm curious to know what strategies others use to address research data. Is this something that you're addressing today? If so, how do you identify and protect accordingly?

Regards,
Tim

______________________________________
Tim M. Crawford
Associate Director, IT Operations
Stanford Graduate School of Business
650.724.2447
tcrawford () gsb stanford edu