Educause Security Discussion mailing list archives
Re: research data security
From: Steve Brukbacher <sab2 () UWM EDU>
Date: Wed, 4 Nov 2009 15:19:51 -0600
Thanks for the reply. I recently had an RFI out for a GRC product. Didn't get anything from Archer unfortunately. Our vision is to purchase a HIPAA module for a GRC product, similar to what you are talking about.

So what do you get for your subscription to HI Trust?

Conceptually, my goal has been to do what you are talking about. Funding it is turning out to be another matter entirely, but it is very comforting to hear that this is working for someone else.

--
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Architect
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224

Chris Kidd wrote:
Steve,

We are embarking on a similar effort with the IRB, but are also pulling in the Office of Sponsored Projects. We're using the HI Trust Alliance Common Security Framework (anyone else using that?) with Archer. Our initial thoughts are that the inherent/residual risk questionnaires would become a part of the research and grant application processes.

Let me know what you come up with.

Chris

Chris Kidd
Chief Information Security and Privacy Officer
The University of Utah
650 Komas Drive, Suite 102
Salt Lake City, UT 84108
Office: 801.587.9241
Cell: 801.747.9028
chris.kidd () utah edu
http://www.secureit.utah.edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve Brukbacher
Sent: Wednesday, November 04, 2009 1:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] research data security

Hi,

I'm working on my strategy for working with our researchers. We are beginning to work more formally with researchers as part of the IRB process. The variety of their work is great. Everything from one on one interviews going into an access database all the way to much larger web-based survey instruments that will need to handle PHI.

What I'm wondering is how are other institutions handling these situations? Do you do a risk assessment/security planning engagement with each of them? Is it left up to departmental IT staff? Any tips for managing the workload on these? Anyone have checklists that have been useful in getting the basics taken care of?