Information Security Guidance for researchers
The table below lists the major risks that need to be examined in research information systems with sensitive data, and some of the basic countermeasures that will help address those risks.
| Computer Risk Areas | Preventative Countermeasures |
| --- | --- |
| Unauthorized access to sensitive information | Restrictive file access permissions; individual accounts for each person; complex (strong) passwords; regular access permission reviews |
| Compromised system security as a result of an intruder | Logging of activity on the computer system; monitoring/alerting of computer system events; regular updates/patching of systems and applications |
| Interception of sensitive information on the network | Network encryption such as SSL/SSH; file or folder encryption |
| Physical loss of computer room or equipment | Regular backups; disaster recovery procedures developed and tested |
| Errors or corruption introduced into systems | Data integrity controls (e.g. validity checks on web form inputs); software change management procedures and testing |
Hawk IRB Application
The following describes what we do with the information that you, as University of Iowa researchers, submit in Section 10 of the Hawk IRB application.
- Identification: The IT-Security Office (ITSO) is automatically notified when an application is submitted that indicates collection of SSNs
- Review: ITSO examines the protection that was described for electronic data
- Assistance: ITSO contacts the person specified as responsible for computer security to:
  - Share guidance (policy and procedures) for protection of confidential research data
  - Identify computer addresses for ITSO to run quarterly network vulnerability scans
  - Refer to network services that are currently available (for security, data storage, server hosting/management, etc.)
  - Assist with registration of servers in the Uiowa System Registry (USR) application
Additional Actions and Resources:
- Address the data handling requirements described for all Critical and Restricted data
- Implement Baseline Security Standards on ALL computers
- Implement the security controls in the Computer Security Protections Overview
- Bookmark the University of Iowa repository of Information Technology Policies
- For more information, refer to the University Research Subject Compensation Policy.
- Social Security Number (SSN) policy
For more information, please contact the Information Security and Policy Office:
Email: it-security@uiowa.edu
Phone: 319-335-6332