ISO Policies, Standards, and Guidelines
Protecting Sensitive Digital Research Data
Last reviewed: 06/24/2013
UT System has issued rules for all researchers to ensure that sensitive digital research data is appropriately protected. Protecting this important data requires a commonsense approach to managing your computer systems. You need to be aware of common vulnerabilities and then take some not-too-extraordinary steps to shield those vulnerable areas. The university has many people and tools available to support you in making this happen so you can go about your business.
Why should you take the time to secure your digital data? It's part of being a responsible researcher, just like using appropriate protocols and protecting human subjects. Your reputation and your funding are on the line. If your data is compromised, your research could be called into question. Following the university's new rules for protecting sensitive digital research data will help ensure the security of the systems involved and will help safeguard the confidentiality and integrity of sensitive digital research data.
Essentially, you are responsible for:
2. Required Practices
Apply these basic practices to all systems.
3. Information for Technical Staff
Technical staff play an important role in protecting sensitive digital research data. The Information Security Office has tools and services that can help you support the researchers in your area as they implement the security practices that are essential on our campus.
Familiarize yourself with the Information Resources Use and Security Policy. This document outlines requirements for many aspects of security systems. The policy also includes many supporting documents that provide specific details.
To see specific requirements and recommendations for systems storing Category-I, -II, and -III data, please see the Minimum Security Standards for Systems.
The Server Hardening Checklists provide specific steps you should take to secure your servers. They reference the requirement in the Minimum Security Standards for Systems, provide notes about information specific to the university, and link to the Center for Internet Security documents for the relevant operating system.
E-mail the Information Security Office at email@example.com if you have any questions or need more information.
4. About this Initiative
In response to data thefts at many universities, including The University of Texas at Austin, the UT System issued Business Procedure Memorandum 75, Protecting the Confidentiality and Integrity of Digital Research Data, in April 2006 to protect the integrity of research at the university. The university is currently working on incorporating this standard into the Handbook of Operating Procedures.
President Powers has delegated responsibility for implementing BPM 75 to the Vice President for Research. The steering committee for the implementation includes representatives from these offices:
If you have questions about the information in this Web site or concerns about a particular system, please e-mail the Information Security Office at firstname.lastname@example.org. For questions about research projects, please contact the Office of the Vice President for Research.
(Effective April 12, 2007, UT System consolidated several Business Procedure Memoranda (53, 66, and 75) into a single policy with a new numbering scheme. The controlling document for this initiative is now UTS 165.)
5. Revision History
Send computing questions to the ITS Help Desk or call (512) 475-9400.