
Information Security and Research Data

Information Security and Research Data. 王大為, Institute of Information Science, Academia Sinica. Important messages: Information security is worth the effort in the long run. Data classification is important. “Sensitive” data should be handled with caution. It is a process, from data creation to deletion. Trust is the key word.


Presentation Transcript


  1. Information Security and Research Data 王大為, Institute of Information Science, Academia Sinica

  2. Important messages • Information Security is worth the effort in the long run • Data classification is important • “Sensitive” data should be handled with caution • It is a process, from data creation to deletion • Trust is the key word

  3. Use your common sense to deal with information security problems • Why do you need information security? • What are the valuables? • How to do it

  4. Daily security decisions • Don’t talk to strangers • Don’t walk alone in a dark alley • Don’t hand your ATM card to anyone • Do lock your door • Put valuables in a safety box • Buy insurance • Don’t put all your eggs in one basket

  5. Why and What • Information security goals: to maintain data • Availability • Integrity • Confidentiality • What are the valuable information assets? • What are the threats? • How much will security incidents cost you? • What are the odds that an incident occurs?

  6. High cost, very low probability: insurance • Earthquake insurance • High cost, high probability: do something to reduce the cost and/or the probability • Low cost, high probability: do a cost-benefit analysis • Low cost, low probability: what’s the problem?

  7. How • How do you secure your home or office? • How do you construct a building? • How do you know your lift is safe? • How do you fight against bacteria/viruses? • … • Working with the experts

  8. Technical Jargon • If there is no common-sense explanation, then either the person does not know it well enough or the technology is not mature. • Second opinions

  9. Important clichés • Information security is a process, not a product • 70% of the incidents are caused by insiders, if not 80% • You won’t get a medal for a good security job, and you don’t want to be famous • Security is about balance, not optimization • Cost-benefit, risk-convenience …

  10. Research Data • What are the valuable information assets? • What are the threats? • Data lost, deleted by accident, leaked • How much will security incidents cost you? • 3 months? A Ph.D.? Trust? • What are the odds that an incident occurs? • Depends on how you deal with it

  11. Availability, Confidentiality • Hard disk crashed! • Solution: make a lot of copies. • New problem: confidentiality? • Confidentiality of what? • Personally identifiable information • De-identification (explained in the afternoon)

  12. Store PID information in a secure place • Locked • Encrypted • No internet connection • Restricted access • … • De-identified data • Document how it is de-identified and make the document available

  13. Why make documents public? • It is about trust • Why do people give their time, tissue and information for research? • For the public good? • For the money? • Social Norm Theory • Trust is the key • Without trust!?!

  14. The destruction of data • Why keep it if it is no longer needed? • Especially when there is a risk in keeping it • You made a promise in the informed consent form to destroy the data • Document the process • Document the destruction details

  15. People • Not many evil people, but careless people everywhere! • A designated data custodian of PID • Make it a profession with authority • Institutions should consider creating such a position • Educate data users • Password rules

  16. Conclusion • Research is propelled by the general public devoting their time, info, tissues… • Trust is abstract yet valuable • You make promises in the informed consent form • People, process, technology • Use your common sense and work with professionals
