Sometimes, they simply connect researchers with existing university resources or help them obtain a specialized tool, such as a specific file encryption software program that would better meet their needs. Through SecureMyResearch, cybersecurity experts will look at researchers’ existing workflows and provide step-by-step directions to better protect data. So, the only way we can actually secure research is by the institution injecting cybersecurity into it.” “And if you want to teach them cybersecurity, it’s the same deal. “If you ask researchers to do cybersecurity, that’s basically dead on arrival,” he adds. We stress how faculty will have more time to write grants.” We’re focused on getting work done more quickly and making sure the research is trustworthy. “I think it’s because we’ve concentrated on positive messaging. “We’ve reached maybe 50 percent of all faculty members,” Shankar says. Anurag Shankar, a senior security analyst at the university’s Center for Applied Cybersecurity Research who conceived of the idea, initially expected to see little interest, given the resistance he’d faced from professors throughout his career - but to his surprise, the program has “exploded,” with researchers joining voluntarily. In 2020, Indiana University piloted a project called SecureMyResearch, aimed at offering opt-in cybersecurity services to researchers. Indiana University Cybersecurity Services Empower Professors WATCH: How this SOC at the University of Cincinnati helps protect university assets. “It’s been tremendously helpful,” Williams says. By appointing a liaison between the research and cybersecurity teams, Williams says, the school has ensured that researchers are implementing additional controls when needed. The school has a committee, staffed mostly by researchers, charged with making sure that UC’s research projects comply with National Institute of Standards and Technology security standards and guidelines. Perhaps just as important as the specific cybersecurity tools are the processes that UC has put in place to connect research teams with information security professionals. The university also makes endpoint detection and response from CrowdStrike available to researchers working with sensitive data, uses Splunk to monitor systems involved in research projects and identifies vulnerabilities through Qualys. Research projects may require additional tools, he says, such as cloud storage that is certified to comply with certain regulations. Williams notes that UC uses several enterprise security solutions, such as anti-virus software, encryption and multifactor authentication. University of Cincinnati Links Research and Security Teams “We want to help them do their work safely.”Ĭlick the banner below to receive exclusive content about cybersecurity in higher ed. ![]() “We need to do a better job of letting researchers know that there are resources out there, and that those of us in cybersecurity and privacy are not here to prevent them from doing their work,” he says. And then, ransomware attackers have a financial incentive to just keep people from their research.” “We’ve seen higher education institutions targeted by hackers who want to steal their research or maybe even sabotage it. “Data is the crown jewel in research,” Potchanant says. Universities must flip this script, he says, so that information security is seen as a “department of know.” Joseph Potchanant, director of cybersecurity and privacy at EDUCAUSE, says that researchers have historically looked at information security offices as the “department of no,” fearing that cybersecurity professionals would hamstring their work. To help strike that balance, UC has created a liaison between the school’s information security and research leaders, making the school one of several that are creating new systems to shore up cybersecurity for research projects. It’s a delicate balance of trying to be as secure as possible but also being able to function in an agile and efficient manner.” “If we tried to deploy all the same controls across everything, it would slow the university down to a screeching halt,” he says. Matthew Williams, executive director of information security for the University of Cincinnati, says it’s impossible to provide the same protection for users and systems across a large university.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |