Information Security Guidance for researchers

The table below lists the major risks that need to be examined in research information systems with sensitive data, and some of the basic countermeasures that will help address those risks.

| Computer Risk Areas | Preventative Counter Measures |
|---|---|
| Unauthorized access to sensitive information | Restrictive file access permissions; individual accounts for each person; complex (strong) passwords; regular access permission reviews |
| Compromised system security as a result of an intruder | Logging of activity on the computer system; monitoring/alerting of computer system events; regular updates/patching of systems and applications |
| Interception of sensitive information on the network | Network encryption such as SSL/SSH; file or folder encryption |
| Physical loss of computer room or equipment | Regular backups; disaster recovery procedures developed and tested |
| Errors or corruption introduced into systems | Data integrity controls (e.g., validity checks on web form inputs); software change management procedures and testing |

Hawk IRB Application

The following describes what we do with the information that you, as University of Iowa researchers, submit in section 10 of the Hawk IRB application.

  1. Identification: The IT-Security Office (ITSO) is automatically notified when an application is submitted that indicates collection of SSNs.
  2. Review: ITSO examines the protection that was described for electronic data.
  3. Assistance: ITSO contacts the person specified as responsible for computer security to:
     • Share guidance (policy and procedures) for protection of confidential research data
     • Identify computer addresses for ITSO to run quarterly network vulnerability scans
     • Refer to network services that are currently available (for security, data storage, server hosting/management, etc.)
     • Assist with registration of servers in the Uiowa System Registry (USR) application


 

Additional Actions and Resources:

For more information please contact the Information Security and Policy Office:
Email: it-security@uiowa.edu
Phone: 319-335-6332