Research News
Information to enhance your success at UNL | UNL Office of Research | May 2013

Feature Stories 
UNL

IS can help protect research data

datasecurityComputer and data security are critical, often complex, concerns for researchers. UNL’s Information Technology security team can help researchers employ best practices and take advantage of security tools and services to protect research data, said Richard Haugerud, director of IT security for UNL Information Services.

UNL’s IT security team monitors and blocks literally tens of thousands of attacks on an hourly basis, from hundreds of points on the globe. They use a variety of tools to block intrusions, identify vulnerabilities and protect data.

Security team representatives can meet with researchers and their staff to establish or examine security controls for research data. They recommend a preliminary meeting before starting a research project to assess needs and identify possible preventive measures or solutions. IT security also can meet with researchers at any time during the research project to re-evaluate what is being done and see if anything else can be done to safeguard data. Security staff also can meet with researchers about projects that are already in progress.

For more information about getting help from IT Security, call (402) 472-5700 or send an email to security@unl.edu.

Here are more tips and details about protecting research data:

Research security risks

Information technology is increasingly critical to facilitate research, enabling researchers to collect, test, interpret and share massive sets of data. Data stores are treasure troves that allow researchers to ask questions, uncover clues and validate ideas.

However, there is a risk that research may attract unintended attention. Researchers can make headlines for all the wrong reasons with a devastating data loss or breach. The risk is especially high with research involving human subjects or in cases where data must be protected to comply with regulations; when researchers are legally or contractually obliged to keep data safe and confidential; or when certain types of data may be commercially sensitive or protected by intellectual property agreements.

According to a 2010 study by Symantec Corp. and the Ponemon Institute, a data breach costs an organization, on average, $7.2 million. Research data can be an easy target plundered by hackers, obliterated by malware and exploited by identity thieves who are able to slip through weak passwords, lack of encryption and unmonitored subnets.

Security starts with knowledge

“There are no magic bullets in IT security – no single method fully secures data. The best defense is to add security layers to mitigate the risk of vulnerability at multiple points of intrusion,” Haugerud said. Because security depends on individual behavior, researchers are urged to:

  • Be cautious sharing data via email, portable media or network drives.
  • Follow the safe computing guidelines published by UNL Information Services at http://is.unl.edu/protectyourself.
  • Establish common understanding of security practices by signing up for SANS Securing the Human, an online video course on a variety of best practices.

Suggestions for improving data security

Identity management and access control are critical. Complete system logs and regular review (frequency can vary with the level of data sensitivity) are vital to help identify who is accessing data and when. Copies of logs can be securely stored and easily reviewed (but cannot be edited or deleted) in Splunk, a central logging server maintained by Information Services.

Using secure passwords is essential and can be achieved by following these simple guidelines:

  • Don’t use any personal information.
  • Don’t use real words like those you would find in a dictionary.
  • Mix and match the character types in your passwords. Use both upper and lower case letters, adding in numbers and special characters to create more complex passwords.
  • Use passphrases. Take a line from a movie or a song, and use only the first letter of each word as the passphrase, mixing in upper and lower case letters, numbers and special characters.
  • Use a password generator to create complex passwords. Since these passwords will be difficult to remember, you also may want to use a password management tool to store them so you can retrieve them easily.

IS advises researchers not to duplicate authentication systems unnecessarily. Data stores and applications should be integrated into existing identity management resources already available at UNL. Using these existing systems affords a number of security advantages:

  • Account de-provisioning when staff leave UNL.
  • Account lock-out policies for unauthorized login attempts.
  • Fewer passwords to remember.
  • Authentication logs that are already being stored.
  • No need for local authentication policies to be implemented and managed.

Databases should be set up so only those individuals who need access can get to them. This can be accomplished in a variety of ways:

  • Hardware firewalls can be installed and configured to allow only certain kinds of traffic to the server, and only from specific IP ranges.
  • Host-based software firewalls can be installed on servers to further limit the IP addresses that have access to the data.
  • In cases where host-based firewalls are not available, IP tables may be created to limit which IP addresses can access the database.

Encryption is an additional security tool that can be used to protect data. A variety of encryption methodologies are available to encrypt email messages and any data stored in one place or transferred via email, the Internet or other portable media.



OTHER Feature Stories
MOST POPULAR STORIES

email E-mail this story

print Print this story

Share Share this story

Home Back to home


© 2022 University of Nebraska–Lincoln Office of Research and Economic Development | Subscribe/Unsubscribe

The University of Nebraska–Lincoln is an equal opportunity educator and employer.
University of Nebraska-Lincoln