Breaches of research information could result in the loss of intellectual property, reputational damage to the University, or the violation of study participant privacy rights. As a researcher it is your responsibility to protect the data upon which your research is based, unpublished results of the research, and other related material such as participant consent forms.
We always do the best we can to protect the information for which we are responsible, but sometimes bad things happen. What would be the impact to your research, to your study participants, and to the University’ reputation in the unfortunate event that research data is compromised?
Data Classification is the process of analyzing data and information to determine its sensitivity. The sensitivity of the data is based on the impact that loss or unauthorized disclosure of the data would on study participants, as well as on the University, both financial and reputational.
The Information Security Policy helps researchers understand their responsibilities; it provides tools that will help clarify information sensitivity, and guidance on how to select appropriate controls and establish secure protocols for the protection of the information for which they are responsible.
Research data, intellectual property created as a result of the research, and other related materials such as participant consent forms must be protected throughout its lifecycle. This includes secure collection, creation, storage, transfer, and disposal of information and technology. The IT Security team works closely with the McMaster Research Office for Administration, Development and Support to create solutions for researchers that will help safeguard their research information.
The Information Security Policy helps researchers understand their responsibilities; it provides guidance on how to select appropriate controls and establish secure protocols for the protection of the information throughout its lifecycle. Contact the IT Security team or the McMaster Research Ethics Board if you have any questions about handling your research data.
IT Security Hygiene is the protection and maintenance of the computing devices that we use to access information, such as personal laptops, mobile devices, and desktop or virtual computers used within labs. Maintaining good IT Security Hygiene includes simple steps such as:
- Install a trusted antivirus program, and run periodic scans of all files on your computer;
- Install browser based security extensions or add-ons;
- Install security updates and software patches in a timely manner;
- Turn on your computer’s personal firewall;
- Separate your computer’s administrator privilege from its day to day use;
- Use only strong passwords;
- Uninstall software that isn’t being used.
The Information Security Policy requires that every member of the McMaster community take responsibility for the computer they use to access McMaster resources. The Client Computing Devices Security Standard (draft) provides specific guidance on security requirements for laptops, desktops, tablets, and mobile devices.
How we react when something goes wrong is critically important when dealing with information security. The Information Security Policy requires all members of the McMaster community to report known or suspected IT Security and Privacy Incidents to the appropriate authorities.
Take the time to learn how to identify Information Security and Privacy incidents, and how to report them. Watch for IT Security alerts and notifications sent via email, or posted to the @McMaster_ITSec twitter feed and the McMaster IT Security Facebook page. Reporting incidents is not embarrassing or cause for punitive action; reporting incidents fully and quickly is a helpful, positive act that helps keeps our information safe.