
30e336e906ca9a85d25ec649da856b29.ppt
- Number of slides: 16

Information Security and Research Data
王大為, Institute of Information Science, Academia Sinica

Important messages
• Information security is worth the effort in the long run
• Data classification is important
• “Sensitive” data should be handled with caution
• It is a process, from data creation to deletion
• Trust is the key word

• Use your common sense to deal with information security problems
• Why do you need information security?
• What are the valuables?
• How to do it

Daily security decisions
• Don’t talk to strangers
• Don’t walk alone in a dark alley
• Don’t hand your ATM card to anyone
• Do lock your door
• Put valuables in a safe box
• Buy insurance
• Don’t put all your eggs in one basket

Why and What
• Information security goals: to maintain data
  – Availability
  – Integrity
  – Confidentiality
• What are the valuable information assets?
• What are the threats?
• How much will security incidents cost you?
• What are the odds that an incident occurs?

• High cost, very low probability: insurance
  – Earthquake insurance
• High cost, high probability: do something to reduce the cost and/or the probability
• Low cost, high probability: do a cost-benefit analysis
• Low cost, low probability: what’s the problem?

How
• How do you secure your home or office?
• How do you construct a building?
• How do you know your lift is safe?
• How do you fight against bacteria/viruses?
• …
• Working with the experts

Technical Jargon
• If there is no common-sense explanation, then either the person does not know it well enough or the technology is not mature.
• Second opinions

Important clichés
• Information security is a process, not a product
• 70% of the incidents are caused by insiders, if not 80%
• You won’t get a medal for a good security job, and you don’t want to be famous
• Security is about balance, not optimization
  – Cost-benefit, risk-convenience …

Research Data
• What are the valuable information assets?
• What are the threats?
  – Data lost, deleted by accident, leaked
• How much will security incidents cost you?
  – 3 months? A Ph.D.? Trust?
• What are the odds that an incident occurs?
  – Depends on how you deal with it

Availability, Confidentiality
• Hard disk crashed!
  – Solution: make a lot of copies.
• New problem: confidentiality?
• Confidentiality of what?
  – Personally identifiable information
• De-identification (explained in the afternoon)

• Store PID information in a secure place
  – Locked
  – Encrypted
  – No internet connection
  – Restricted access
  – …
• De-identified data
  – Document how it is de-identified and make the document available

Why make documents public?
• It is about trust
• Why do people give their time, tissue and information for research?
  – For the public good?
  – For the money?
  – Social Norm Theory
  – Trust is the key
• Without trust!?!

The destruction of data
• Why keep it if it is no longer needed?
• Especially when there is a risk in keeping it
• You made a promise in the informed consent form to destroy the data
• Document the process
• Document the destruction details

People
• Not many evil people, but careless people everywhere!
• A designated data custodian of PID
  – Make it a profession with authority
  – Institutions should consider creating such a position
• Educate data users
• Password rules

Conclusion
• Research is propelled by the general public devoting their time, info, tissues…
• Trust is abstract yet valuable
• You make promises in the informed consent form
• People, process, technology
• Use your common sense and work with professionals