Data Security: Policies and Regulations Impacting Research Data: Information Security

There are three main aspects of information security:

1. Confidentiality : Ensuring data remains private.
2. Integrity : Ensuring the data are accurate.
3. Availability: Ensuring data are accesible to the appropriate people.

Higher education institutions are often targets for people who are looking to mine sensitive information for profit.  UNC is an institution committed to information sharing, and this includes sensitive data. It is important to note that everyone who comes into contact with sensitive data has a responsibility to ensure information security.

Computer management, maintenance and upkeep

• Identify systems storing sensitive information.
• Scan these systems for vulnerability monthly.
• Ensure operating systems and system applications are up to date.

Encrypt mobile devices

For devices storing sensitive information, encryption is required.

• Whole disk encryption on laptops
• Device or file and folder encryption on smartphones
• File and folder encryption on portable media like flashdrives

Tools to use

• Pretty Good Privacy (PGP)
• Truecrypt
• Hardware encrypted devices
• Passwords

Adopt less risky behaviors

• Limit personal browsing on machines with sensitive information.
• Remove sensitive information from machines that do not need it.
• Be wary of free software.
• Avoid storing sensitive information on mobile devices.
• Report suspicious events.

More Information

See the Protect Your Device and Protect University Data sections at https://safecomputing.unc.edu for guidance.

<Previous   Next>