Information security and research data
Download
1 / 16

Information Security and Research Data - PowerPoint PPT Presentation


  • 114 Views
  • Uploaded on

Information Security and Research Data. 王大為 中研院資訊所. Important messages. Information Security is worth the effort in the long run Data classification is important “Sensitive” data should be handled with caution It is a process, from data creation to deletion Trust is the key word.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Information Security and Research Data' - fathi


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Information security and research data

Information Security and Research Data

王大為

中研院資訊所


Important messages
Important messages

  • Information Security is worth the effort in the long run

  • Data classification is important

  • “Sensitive” data should be handled with caution

  • It is a process, from data creation to deletion

  • Trust is the key word


Information security and research data


Daily security decision
Daily security decision problem

  • Don’t talk to strangers

  • Don’t walk alone in a dark alley

  • Don’t hand your ATM card to anyone

  • Do lock your door

  • Put valuable to a safety box

  • Buy insurance

  • Don’t put all eggs in one basket


Why and what
Why and What problem

  • Information security goals, to maintain data

    • Availability

    • Integrity

    • Confidentiality

  • What are the valuable information assets?

  • What are the threats?

  • How much will security incidents cost you?

  • What’s the odd an incident occurs?


Information security and research data

  • High cost, very low probability: insurance problem

    • Earthquake insurance

  • High cost, high probability: do something to reduce the cost and/or the probability

  • Low cost, high probability: do a cost-benefit analysis

  • Low cost, lost probability: what’s the problem?


Information security and research data
How problem

  • How do you secure your home or office?

  • How do you construct a building?

  • How do you know your lift is safe?

  • How do you fight against bacteria/virus?

  • 。。。。

  • Working with the experts


Technical jargons
Technical Jargons problem

  • If there is no common sense explanation, then either the person does not know it well enough or the technology is not mature.

  • Second opinions


Important clich
Important cliché problem

  • Information security is a process not a product

  • 70% of the incidents caused by insiders, if not 80%

  • You won’t get a medal for a good security job, and you don’t want to be famous

  • Security is about balance not optimization

    • Cost-benefit, risk-convenience …


Research data
Research Data problem

  • What are the valuable information assets?

  • What are the threats?

    • Data lost, deleted by accident, leaked

  • How much will security incidents cost you?

    • 3 month? A ph.d.? Trust?

  • What’s the odd an incident occurs?

    • Depends on how you deal with it


Availability confidentiality
Availability, Confidentiality problem

  • Hard disk crashed!

    • Solution: make a lot of copies.

  • New problem: confidentiality?

  • Confidentiality of what?

    • Personally identifiable information

  • De-identification ( explained in the afternoon)


Information security and research data


Why make documents public
Why make documents public? problem

  • It is about trust

  • Why people give their time, tissue and information for research?

    • For the public good?

    • For the money?

    • Social Norm Theory

    • Trust is the key

  • Without trust!?!


The destruction of data
The destruction of data problem

  • Why keep it if it is no longer needed?

  • Especially there is a risk to keep it

  • You made a promise in the inform consent form to destroy the data

  • Document the process

  • Document the destruction details


People
People problem

  • Not many evil people, but careless people everywhere!

  • A designated data custodian of PID

    • Make it a profession with authority

    • Institutions should consider create such a position

  • Education data users

  • Password rule


Conclusion
Conclusion problem

  • Researches are propelled by general public devoting their time, info, tissues…

  • Trust is abstract yet valuable

  • You make promises in the informed consent form

  • People, process, technology

  • Use your common sense and work with professionals