Research Data Classification and Secure Storage Options

Slide Note
Embed
Share

Explore the classification of research data into public, private, secure DoD, and VA data categories, with examples and guidelines for secure storage options. Understand the risks associated with unauthorized disclosure of private/confidential data and learn how to protect sensitive information to prevent potential harm to individuals, research subjects, patients, and the university.

boyt_in
boyt_in Follow

Uploaded on Sep 20, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Research Data and Secure Storage Options Ashok Mudgapalli, MS, Ph.D. Director of Research IT Office (RITO)

  2. Agenda I. UNMC Data Classification II. Research Data Storage Options III.UNMC Box IV.UNMC Box Security V. Contacts and Resources VI.Q&A

  3. How do I classify my Research Data? 1 Public Data Private / Confidential Data 2 3 Secure DoD Data 4 VA Data

  4. Public Data Definition Examples Data if lost poses little to no risk to the University or you. Public policies and procedures manuals, Campus maps, Job postings, Non-private University contact information, press releases, course information, published research results No password protection required. Password Protection Data Transfer These data can be transferred in any manner at the owner s risk, but Internet, USB, data sharing sites all OK. Cloud / Premise Server Storage recommended to prevent inappropriate or unauthorized modification of information. Publicly exposed documents should be read only category Cloud / External Storage Workstation and Laptop Storage Removable / Portable Media Storage Disaster Recovery Remote Access No password required. Server storage is recommended, but not required, and password protection No protection requirements required. No protection requirements required. However, the computer should be encrypted as per UNMC policy 6051. No protection requirements required. However, the media should be encrypted as per UNMC policy 6051. Should be backed up in a separate location to prevent loss.

  5. Private / Confidential Data Definition Unauthorized disclosure, alteration or destruction could result in a significant risk to you, research subjects, patients, or students and/or the University or its employees or its affiliates. Examples I. Student Records, non-public research data, employment or admission applications, personnel files, individual benefits information, birth date, and personal contact information, Donor contact information and non-public gift amounts, Privileged attorney- client communications, Non-public policies, UNMC internal memos and email, budgets, plans, and financial information, contracts, University and employee ID numbers. II. All Protected Health Information (PHI) which includes any of the following: 1. Patient Names 2. All geographical subdivisions smaller than a State (e.g., street address, city, county, precinct, zip code) 3. Date other than year directly related to an individual (birth, admission , discharge, or death date); or age over 89 unless aggregated as 90 or older 4. Phone or FAX number 5. E-mail or Internet Protocol (IP) addresses, or Web Universal Resource Locators (URLs) 6. Social Security, Medical record, or Health plan beneficiary numbers 7. Account, or Certificate/license numbers 8. Vehicle identifiers and serial numbers, including license plate numbers 9. Device identifiers or serial number 10. Biometric identifiers, including finger and voice prints 11. Full face photographic images and any comparable images; or 12. Any other unique identifying number (e.g., Passport or visa numbers

  6. Private / Confidential Data Continue Examples III. Export controlled information under U.S. laws; Data protected by state or federal regulations; and/or Data protected by confidentiality agreements Limited to those permitted under law, regulation and policies, and on a need to know basis. At least one physical (e.g., locked room and /or card access) or electronic barrier (e.g., software- and/or hardware-based firewalls) should be in place when not under direct individual control of an authorized user. Data Transfer Encryption and/or password protection required to transmit information through a network. Use UNMC email services to transfer confidential information within the network and to external entities. Transfer should be encrypted if sent over the Internet, or university-approved resources (e.g., Box or SharePoint). Cloud / Premise Server Storage external requirements including physical and logical access protection. Workstation and Laptop Storage data be placed in a folder with additional password or encryption. Removable / Portable Media Storage regulation, contract, or other agreement. Removable and portable media must be encrypted and contain a layer of logical and physical access protection unless under the direct use of authorized individuals. Disaster Recovery location that contains similar logical and physical security controls in place. Remote Access Password Protection Box, SharePoint and server storage is highly recommended unless otherwise stated by law, regulation, contract, or other agreement. Server security must follow internal and Data if stored on a workstation or laptop must follow internal and external requirements including physical and password protection. It is recommended that these Encrypted external hard drive or other university approved resources (e.g., Box) but not USB or other portable devices should be used unless otherwise agreed upon by law, All Private/Confidential Data should be backed up on a server in a separate physical Requires VPN secure remote access.

  7. Secure DoD Data Definition Unauthorized disclosure, alteration or destruction of these data could cause a significant level of risk to the United States, University or other partners . Security controls should be applied as defined by the level of security of the data. Non-public information provided to a contractor, Information developed during the course of a DoD contract, grant, or other legal agreement, Privileged information contained in transactions, Military Health System Information, data protected by state or federal privacy regulations and data protected by confidentiality agreements, or other sensitive information that does is not include in the Private/Confidential data type . Access is limited to those permitted under law, regulation, and policies, and on a need to know basis. Access defined by the defined level of security. Defined by level of DoD security classification but may require special military-grade encryption or information security protocols. Cloud / Premise Server Storage encryption or information security protocols. Workstation and Laptop Storage grade encryption or information security protocols. Removable / Portable Media Storage Cloud / External Storage Disaster Recovery or other agreement. Remote Access Remote access via the UNMC VPN utilizing two factor authentication is allowed. Examples Password Protection Data Transfer Defined by level of DoD security classification but may require special military-grade DoD classified information needs to be stored separately on devices accessible to only those approved to access. Degree of security as defined but may require special military- Removable and/or portable media storage is not allowed. If need to be used, UNMC recommended encryption, access control and password protection need to be applied. Cloud or external third party storage is prohibited. All DoD classified information must be backed up according to law, regulation, contract,

  8. VA Data Definition Unauthorized disclosure, alteration or destruction could result in a significant risk to you, research subjects, patients, the VA or its employees or its affiliates. I. Non-public research data, personnel files, internal memos and email, budgets, plans, and financial information, contracts. II. All Protected Health Information (PHI) III. Private Personal Information (PPI) Limited to those permitted under law, regulation and policies, and on a need to know basis. At least one physical (e.g., locked room and /or card access) or electronic barrier (e.g., software- and/or hardware-based firewalls) should be in place when not under direct individual control of an authorized user. Encryption and/or password protection required to transmit information through a network. Use UNMC email services to transfer confidential information within the network and to external entities. Transfer should be encrypted if sent over the Internet. Must be on VA servers. Examples Password Protection Data Transfer Cloud / Premise Server Storage Workstation and Laptop Storage Data if stored on a workstation or laptop must follow internal and external requirements including physical and password protection. It is recommended that these data be backed-up on VA servers. Removable and portable media must be VA approved, encrypted, and Federal Information Processing Standard Publication (FIPS PUB) 140-2 compliant. Removable / Portable Media Storage Cloud / External Storage Disaster Recovery Cloud or external third party storage is prohibited. All Private/Confidential Data should be backed up on a server in a separate physical location that contains similar logical and physical security controls in place. Remote Access Requires VA VPN secure remote access.

  9. Research Data Storage Options I. RITO Enterprise Storage (PHI & non- PHI) II. Office365 SharePoint (PHI & non-PHI) III. BOX Cloud Storage (PHI & non-PHI) IV.Attic Storage (non-PHI at PKI) V. ITS managed on premise Enterprise storage (contact ITS HelpDesk)

  10. II. Research Data Storage - Local Storage Option Can protect PHI? Cost/year Suitable for Comments Enterprise (on site) Yes $499/TB Daily or more frequent access More robust and dynamic environment, Automatic Replication and weekly backup Holland Computing Center , Omaha No (non- PHI only) $250 / TB ($105 / TB if no replication and backup) Daily or more frequent access Automatic backup / replication if desired Department /College/Unit server No Do not use Retired NA

  11. II. Research Data Storage in Cloud Storage Option Can protect PHI? Cost/year Suitable for Comments BOX Cloud (Enterprise Grade) Yes $115 / user/ year / unlimited space for data that can be accessed regularly Daily or more frequent access. Automatic backup / replication, Each file must be =< 32 GB size. Unlimited days of worth of deleted files available in Box Trash can. Up to 100 versions of single file can be maintained UNMC 365 SharePoint Yes Free Daily or more frequent access Offered by UNMC ITS (Microsoft 365 solution). Contact ITS Help Desk for more information. Each file size can be 5 GB or more. Contact HelpDesk for latest information

  12. II. Research Data Storage Off Site Storage Option Can protect PHI? Cost/year Suitable for Comments UNMC Office365 OneDrive Do not use for storing research data Free Daily or more frequent access Not recommended for research data storage but can be used for word, excel, PDF and other document types. Third party vendor storage solutions, Dropbox, Amazon Cloud, Google docs No NA NA All File Shares have been decommissioned. *Replication: Creates a copy of the file (live) at remote location **Backup: Backup files point in time to remote location

  13. UNMC Box Security (Info from Box security team) Secure data centers: User data is stored on enterprise- grade servers that undergo regular audits and are monitored 24/7 Redundancy: Files are backed up daily to additional facilities All files uploaded to Box are encrypted at rest using 256-bit AES encryption For files in transit, AES 256 is a supported cipher, however Box default to use RC4-128 encryption. Box do this to mitigate a known vulnerability in SSL called the BEAST attack, which an attacker could use to hijack someone's web session when other ciphers (including AES 256) are used. 128 bit encryption is currently considered safe and secure for data in transit

  14. UNMC Box Security (Info from Box security team) Box is SAS70 Type II and Safe Harbor certified, ISO27001 certified (globally recognized security standard) and supports RC4 encryption Disaster Recovery Box physical infrastructure is designed not only for disaster recovery, but true disaster avoidance, building in advanced measures for N+1 redundancy for all components, geographical diversity, physical security, and environmental controls. Access to systems are monitored around the clock by onsite monitoring and guards, and access to cages are restricted to only top-level clearance Box employees, managed by keys and biometric scanning

  15. Resources Research IT Office (RITO) web site (http://www.unmc.edu/vcr/rito/index.html) has storage options in more details UNMC BOX Cloud Storage (https://app.box.com/login/) Contact RITO for more information rito@unmc.edu

  16. Whos Who RITO PERSONNEL Role Phone Contact Email Ashok Mudgapalli, MS, Ph.D. Director of Research IT 559-9072 ashok.mudgapalli@unmc.edu Mike Gleason, Ph.D. Programmer Analyst III 559-9088 mgleason@unmc.edu Mike Zietz, BS Programmer Analyst II 559-4857 mike.zietz@unmc.edu Vinod Kumar Yarroju, MS Programmer Analyst II 559-4878 vinodkumar.yarroju@unmc.edu Amruthavally Konakanchi, Programmer Analyst II 559-3821 a.konakanchi@unmc.edu

Related


PELICAN: A Building Block for Exascale Cold Data Storage

PELICAN: A Building Block for Exascale Cold Data Storage

bielecki_b
Various Structures for Seed Storage and Improved Rural Storage Methods

Various Structures for Seed Storage and Improved Rural Storage Methods

theodora
Understanding Tape Storage: LTO and LTFS Overview

Understanding Tape Storage: LTO and LTFS Overview

felicia
Overview of EGI Online Storage Service Architecture and Interfaces

Overview of EGI Online Storage Service Architecture and Interfaces

lepe_a
Nicor Gas Supply and Storage Overview

Nicor Gas Supply and Storage Overview

shouryad
Evolution of Ceph's Storage Backends: Lessons Learned

Evolution of Ceph's Storage Backends: Lessons Learned

jessa
HPE Nimble Storage Solutions: Starter Kits Promotion

HPE Nimble Storage Solutions: Starter Kits Promotion

avarose
Overview of Fingerprint Classification and Cataloguing Methods

Overview of Fingerprint Classification and Cataloguing Methods

cyprian
Data Storage, Backup, and Security Essentials

Data Storage, Backup, and Security Essentials

mortenson_j
Enhancing Animal Telemetry Data Systems for Secure Collaboration

Enhancing Animal Telemetry Data Systems for Secure Collaboration

maon369
IGU Gas Storage Committee 2022-23 Meeting Highlights

IGU Gas Storage Committee 2022-23 Meeting Highlights

soul
Gas Storage Investment Workshop Insights

Gas Storage Investment Workshop Insights

gdena
New Storage Requirements for Lithium Batteries in International Fire Code

New Storage Requirements for Lithium Batteries in International Fire Code

reid
Basics of Fingerprinting Classification and Cataloguing

Basics of Fingerprinting Classification and Cataloguing

simone
Overview of Mass Storage Systems in Computer Engineering

Overview of Mass Storage Systems in Computer Engineering

conner
Introduction to SFTP & PGP Encryption for Secure Data Transfer

Introduction to SFTP & PGP Encryption for Secure Data Transfer

bunty
Understanding BioStatistics: Classification of Data and Tabulation

Understanding BioStatistics: Classification of Data and Tabulation

bobbi
Efficient Rekeying for Encrypted Deduplication Storage

Efficient Rekeying for Encrypted Deduplication Storage

miraklewo
Storage Benchmark Proposal for NFVI Performance Measurement

Storage Benchmark Proposal for NFVI Performance Measurement

kkrak
Advancing Innovation and Technologies in Gas Storage Operations

Advancing Innovation and Technologies in Gas Storage Operations

xerxes
International Workshop on Offshore CO2 Storage: Goals, Expectations, Logistics

International Workshop on Offshore CO2 Storage: Goals, Expectations, Logistics

tova
Challenges and Opportunities in Scientific Storage of Grains

Challenges and Opportunities in Scientific Storage of Grains

sak_h
Effective Storing Techniques for Agricultural Produce

Effective Storing Techniques for Agricultural Produce

pridgeon_z
Encrypted Deduplication for Secure Cloud Storage

Encrypted Deduplication for Secure Cloud Storage

mui_ena

More Related Content

Importance of Good Data Management Practices in Clinical Research
Importance of Good Data Management Practices in Clinical Research
Storage and Indexing Overview in Database Management Systems
Storage and Indexing Overview in Database Management Systems
Accessing and Utilizing CPCSSN Secure Research Environment (SRE)
Accessing and Utilizing CPCSSN Secure Research Environment (SRE)
Understanding Classification in Data Analysis
Understanding Classification in Data Analysis
Essential Guide to Data Storage and Backup
Essential Guide to Data Storage and Backup
AI Projects at WIPO: Text Classification Innovations
AI Projects at WIPO: Text Classification Innovations
Understanding ROC Curves in Multiclass Classification
Understanding ROC Curves in Multiclass Classification
Understanding Classification Keys for Identifying and Sorting Things
Understanding Classification Keys for Identifying and Sorting Things
Review of Energy Storage Systems for Sustainable Decision-Making
Review of Energy Storage Systems for Sustainable Decision-Making
Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords
Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords
Best Practices for Remote GBV Services - Documentation and Data Protection
Best Practices for Remote GBV Services - Documentation and Data Protection
Achieving Secure and Scalable Data Access Control in Cloud Computing
Achieving Secure and Scalable Data Access Control in Cloud Computing
Understanding Magnetic Disks and Disk Controllers in Computer Memory Hierarchy
Understanding Magnetic Disks and Disk Controllers in Computer Memory Hierarchy
Understanding Market Trends for Storage Virtualization
Understanding Market Trends for Storage Virtualization
Benefits of Linux Open Networking & Software Defined Storage (SDS) for Cloud Environments
Benefits of Linux Open Networking & Software Defined Storage (SDS) for Cloud Environments
NCI Data Collections BARPA & BARRA2 Overview
NCI Data Collections BARPA & BARRA2 Overview
Understanding Durability and Integrity in Data Storage Systems
Understanding Durability and Integrity in Data Storage Systems
Exploring CTE Data Collections and Security Protocols in Education
Exploring CTE Data Collections and Security Protocols in Education
Data Storage Strategies for Modern Distributed Systems
Data Storage Strategies for Modern Distributed Systems
Cutting-edge Proton EDM Storage Ring Experiment Insights
Cutting-edge Proton EDM Storage Ring Experiment Insights
Ensuring Security in Persistent Key-Value Stores using Shielded Execution
Ensuring Security in Persistent Key-Value Stores using Shielded Execution
Electrical Energy Storage Systems
Electrical Energy Storage Systems
Understanding Sequential Logic Circuits in Digital Systems
Understanding Sequential Logic Circuits in Digital Systems
Design Considerations for Storage Tanks
Design Considerations for Storage Tanks