enterprise data decentralized control, data security and privacy data encryption data encryption...
TRANSCRIPT
Enterprise Data Enterprise Data Decentralized Control, Data Decentralized Control, Data
Security and PrivacySecurity and Privacy
Data EncryptionData EncryptionInformation Sharing/Information Sharing/Protection Protection of Research Dataof Research Data
Next StepsNext Steps
Michael Michael Pickett - DukePickett - Duke
Data Encryption – Some Data Encryption – Some ToolsTools
Linux EncFS AES-128/256 or BlowfishLinux EncFS AES-128/256 or Blowfish http://arg0.net/wiki/encfshttp://arg0.net/wiki/encfs
Mac FileVault – AES-128Mac FileVault – AES-128 http://www.apple.com/macosx/features/http://www.apple.com/macosx/features/
filevault/filevault/ Windows (XP SP1+) Encrypting File Windows (XP SP1+) Encrypting File
System – AES-256 or 3DES System – AES-256 or 3DES http://www.windowsecurity.com/articles/http://www.windowsecurity.com/articles/
Where_Does_EFS_Fit_into_your_Security_PlaWhere_Does_EFS_Fit_into_your_Security_Plan.html n.html
Information Information Sharing/Protection of Sharing/Protection of
Research DataResearch Data
NSB - LONG-LIVED DIGITAL NSB - LONG-LIVED DIGITAL DATA COLLECTIONSDATA COLLECTIONS http://www.nsf.gov/nsb/documents/2005http://www.nsf.gov/nsb/documents/2005
/LLDDC_report.pdf/LLDDC_report.pdf
NSB - LONG-LIVED DIGITAL NSB - LONG-LIVED DIGITAL DATA COLLECTIONSDATA COLLECTIONS
What data do we not want to lose? What data do we not want to lose? Data deemed useful over long period (data Data deemed useful over long period (data
we would desire to migrate across tech we would desire to migrate across tech generations)generations)
Importance defined by peers (e.g. Protein Importance defined by peers (e.g. Protein Data Bank)Data Bank)
Metadata required to make the raw data Metadata required to make the raw data useful and to replicate findings (derived useful and to replicate findings (derived data?)data?)
Are we worried about intruders altering Are we worried about intruders altering data that our researchers collect or use?data that our researchers collect or use?
Current Policy ExamplesCurrent Policy Examples
Earth/Ocean Sciences – 2 yrs to Earth/Ocean Sciences – 2 yrs to deposit in national data center deposit in national data center
Cognitive Brain Science – 1 year to Cognitive Brain Science – 1 year to deposit in library or data archivedeposit in library or data archive
NIH – grant must include data NIH – grant must include data sharing plan if > $500K (data to sharing plan if > $500K (data to replicate – not summaries) & PI replicate – not summaries) & PI keeps data for 3 years after grant keeps data for 3 years after grant endsends
The FutureThe Future Recommendation 4: Recommendation 4: The NSF should The NSF should
require that research proposals for require that research proposals for activities that will generate digital data, activities that will generate digital data, especially long-lived data, should state especially long-lived data, should state such intentions in the proposal so that such intentions in the proposal so that peer reviewers can evaluate a peer reviewers can evaluate a proposed proposed data management plan.data management plan.
Building policy and infrastructure to Building policy and infrastructure to help researchers do this will be a help researchers do this will be a competitive advantage (for securing competitive advantage (for securing faculty and grants)faculty and grants)
Next StepsNext Steps Are security breaches at colleges and Are security breaches at colleges and
universities on the rise? universities on the rise? What are we doing to address the What are we doing to address the
protection (privacy, security, integrity) of protection (privacy, security, integrity) of information? information?
Are there things we should be doing Are there things we should be doing differently than industry and differently than industry and government?government?
What infrastructure (technology, What infrastructure (technology, procedures, policy, templates) should we procedures, policy, templates) should we provide for our schools?provide for our schools?