Data Security: Policies and Regulations Impacting Research Data

Security considerations in managing sensitive data.

What is Information Security?

Typically there are 3 main characteristics that come into play when dealing with information security:

  1. Confidentiality : Ensuring data remains private.
  2. Integrity : Ensuring the data is accurate.
  3. Availability: Ensuring data is accesible to the appropriate people.

Why Is It Important?

Higher education institutions are often targets for people who are looking to mine sensitive information for profit.  UNC is an institution committed to information sharing, and this includes sensitive data. It is important to note that everyone who comes into contact with sensitive data has a responsibility to ensure information security.

Guidelines for Information Security/Steps for Reducing Risk

Computer management, maintenance and upkeep

  • Identify systems storing sensitive information
  • Scan these systems for vulnerability monthly
  • Ensure operating systems and system applications are up to date

 

Encrypt mobile devices

For devices storing sensitive information, encryption is required.

  • Whole disk encryption on laptops
  • Device or file and folder encryption on smartphones
  • File and folder encryption on portable media like flashdrives

Tools to use

  • Pretty Good Privacy (PGP)
  • Truecrypt
  • Hardware encrypted devices
  • Passwords

 

Adopt less risky behaviours

  • Limit personal browsing on machines with sensitive information
  • Remove sensitive information from machines that do not need it
  • Be wary of free software
  • Avoid storing sensitive information on mobile devices
  • Report suspicious events

 

More Information

Continue...