Re: research data security

[STEVE MAGRIBY <magriby () UT EDU>]

Sent from my HTC smartphone

-----Original Message-----
From: Gary Dobbins <dobbins () ND EDU>
Sent: Thursday, February 18, 2010 12:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] research data security

For what it's worth, we started down that road, and surprisingly enough found that the first hurdle was that some 
researchers didn't perceive their data as valuable (to anyone else) and so felt no need to protect its confidentiality. 
 Other threats may also not be recognized, such as its continued availability (e.g. no backups), or integrity (e.g. 
sabotage).

So if venturing there again I'd start by providing some useful info on the nature of the risks, geared especially 
toward conveying an intuitive sense of the threats.  Some may not believe there *are* any threats.


> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve
> Brukbacher
> Sent: Thursday, February 18, 2010 11:30 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] research data security
>
> Hi,
> I'm trying to get my arms around our research data security
> situation at
> our institution.  I'm fairly convinced we need a separate
> "protocol" for
>   research data security, just like we all have an IRB requirement,
> requirements for animal care, etc.
>
> I know some will reply that this should "happen" in the IRB
> process, but
> unfortunately, a lot of data security detail is beyond the scope of
> what
> an IRB is tasked with doing.
>
> So my question is, does anyone feel like they have a success story
> to
> share in ensuring that researchers using data with high
> confidentiality
> requirements meet some sort of security standards?
>
>
> --
> Steve Brukbacher, CISSP
> University of Wisconsin Milwaukee
> Information Security Architect
> UWM Computer Security Web Site
> www.security.uwm.edu
> Phone: 414.229.2224