Information security and research data


王大為

Institute of Information Science, Academia Sinica



Important messages

  • Information Security is worth the effort in the long run

  • Data classification is important

  • “Sensitive” data should be handled with caution

  • It is a process, from data creation to deletion

  • Trust is the key word



  • Use your common sense to deal with information security problems

  • Why do you need information security

  • What are the valuables

  • How to do it



Daily security decision

  • Don’t talk to strangers

  • Don’t walk alone in a dark alley

  • Don’t hand your ATM card to anyone

  • Do lock your door

  • Put valuables in a safety box

  • Buy insurance

  • Don’t put all eggs in one basket



Why and What

  • Information security goals: to maintain data

    • Availability

    • Integrity

    • Confidentiality

  • What are the valuable information assets?

  • What are the threats?

  • How much will security incidents cost you?

  • What are the odds that an incident occurs?



  • High cost, very low probability: insurance

    • Earthquake insurance

  • High cost, high probability: do something to reduce the cost and/or the probability

  • Low cost, high probability: do a cost-benefit analysis

  • Low cost, low probability: what’s the problem?



How

  • How do you secure your home or office?

  • How do you construct a building?

  • How do you know your lift is safe?

  • How do you fight against bacteria/virus?

  • …

  • Working with the experts



Technical Jargon

  • If there is no common sense explanation, then either the person does not know it well enough or the technology is not mature.

  • Second opinions



Important cliché

  • Information security is a process not a product

  • 70% of incidents are caused by insiders, if not 80%

  • You won’t get a medal for a good security job, and you don’t want to be famous

  • Security is about balance not optimization

    • Cost-benefit, risk-convenience …



Research Data

  • What are the valuable information assets?

  • What are the threats?

    • Data lost, deleted by accident, leaked

  • How much will security incidents cost you?

    • 3 months? A Ph.D.? Trust?

  • What are the odds that an incident occurs?

    • Depends on how you deal with it



Availability, Confidentiality

  • Hard disk crashed!

    • Solution: make a lot of copies.

  • New problem: confidentiality?

  • Confidentiality of what?

    • Personally identifiable information

  • De-identification (explained in the afternoon)



  • Store PID information in a secure place

    • Locked

    • Encrypted

    • No internet connection

    • Restricted access

  • De-identified data

    • Document how it is de-identified and make the document available
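The split this slide describes, as an added example that is not part of the original presentation: direct identifiers go to a separate table for the secure store, the research table keeps only a keyed pseudonym, and a publishable method record is produced alongside. The field names, the HMAC-SHA256 pseudonym scheme and the sample rows are assumptions; the deck does not specify a de-identification method.

```python
import hashlib
import hmac
import secrets

# Columns treated as direct identifiers (assumption for this example).
PID_FIELDS = ("name", "national_id")

def pseudonym(key: bytes, national_id: str) -> str:
    """Stable per-subject pseudonym that cannot be recomputed without the key."""
    return hmac.new(key, national_id.encode("utf-8"), hashlib.sha256).hexdigest()

def split_records(records, key):
    """Return (pid_table, research_table, method_doc).

    pid_table      -> for the locked, encrypted, offline, restricted store
    research_table -> de-identified rows handed to data users
    method_doc     -> description of the procedure; contains no key and no PID
    """
    pid_table, research_table = {}, []
    for rec in records:
        sid = pseudonym(key, rec["national_id"])
        pid_table[sid] = {field: rec[field] for field in PID_FIELDS}
        row = {k: v for k, v in rec.items() if k not in PID_FIELDS}
        row["subject_id"] = sid
        research_table.append(row)
    method_doc = {
        "removed_fields": list(PID_FIELDS),
        "pseudonym_scheme": "HMAC-SHA256(key, national_id), hex encoded",
        "key_holder": "designated data custodian",
        "records_processed": len(records),
        "subjects": len(pid_table),
    }
    return pid_table, research_table, method_doc

# Constructed sample rows; the values are made up for illustration.
SAMPLE = [
    {"name": "Subject A", "national_id": "X000000001", "age_band": "30-39", "result": 5.1},
    {"name": "Subject B", "national_id": "X000000002", "age_band": "40-49", "result": 6.3},
    {"name": "Subject A", "national_id": "X000000001", "age_band": "30-39", "result": 5.4},
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # generated once and kept with the PID table
    pid, research, doc = split_records(SAMPLE, key)
    for row in research:
        print(row)
    print(doc)
```

Repeat visits by the same subject map to the same `subject_id`, so the research table stays linkable without carrying the identifier; re-identification requires both the key and the PID table.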



Why make documents public?

  • It is about trust

  • Why do people give their time, tissue and information for research?

    • For the public good?

    • For the money?

    • Social Norm Theory

    • Trust is the key

  • Without trust!?!



The destruction of data

  • Why keep it if it is no longer needed?

  • Especially when there is a risk in keeping it

  • You made a promise in the informed consent form to destroy the data

  • Document the process

  • Document the destruction details



People

  • Not many evil people, but careless people everywhere!

  • A designated data custodian of PID

    • Make it a profession with authority

    • Institutions should consider creating such a position

  • Educate data users

  • Password rule



Conclusion

  • Research is propelled by the general public devoting their time, information, tissues…

  • Trust is abstract yet valuable

  • You make promises in the informed consent form

  • People, process, technology

  • Use your common sense and work with professionals

