Data Storage for Research. Michael Pinch
|
|
|
- Ophelia Moore
- 10 years ago
- Views:
Transcription
1 Data Storage for Research Michael Pinch
2 Intro Data storage is a world full of tradeoffs Read vs Write Speed Availability vs Security Cost vs Speed This presentation is to talk about the different types of data we deal with, options for storage, and risks of each We highlight University policy and cite how to get more information
3 Types of Data PHI Identifiable health information that can be linked to a particular person PCI Account / Cardholder Data Primary account number, cardholder name, service code, and expiration date Legally Restricted (UR Policy) Data which must be protected by law such as PHI, Social Security numbers, and account data Confidential (UR Policy) Information which may be sensitive or proprietary such as personnel records and unpublished
4 Hard Drive Server Database Share Drives Network Drives Removable Drive CD DVD Cloud USB Types of Storage
5 Share Drives / Network Drives Access is controlled via user account Data is backed up nightly Remotely accessible through VPN
6 Servers / Databases Servers must be in data center REDCap (Research Electronic Data Capture) may be a viable option Contact Academic IT for more information
7 Cloud Storage Dropbox is extremely popular for convenience, capacity, and collaboration Dropbox is NOT an approved medium for data storage at URMC, especially legally restricted data URMC has an enterprise contract with Box (the major competitor to Dropbox). Legally, we will be able to store any data in Box we choose. Box allows for syncing to desktop, mobile, web, etc Box allows for collaboration with other non-
8 Other Cloud Storage URMC is piloting Amazon Web Services In addition to EC2, it offers S3, simple storage solution Inquire with me if you re interested in trying it
9 Protection Encryption in Rest Encryption in Motion Password Protected < Encrypted
10 Encryption Methods VPN Provides encryption for data in motion HTTPS Provides encryption for data in motion over the web Zip Software Gives you the option to encrypt a zip file Share the password with someone over a different channel than how you share the file! Secure Put!secure in the subject of your
11 Encryption Methods CD / DVD Encrypted DVDs are available! USB / Removable /External Drive Buy an encrypted USB Device URMC Managed systems will have software on them in early 2014 that will turn all dumb USB drives into encrypted drives automatically
12 Encryption Methods Full disk for users PointSec (URMC Enterprise Solution) FileVault (Mac Native Solution) BitLocker (Windows Native Solution) TrueCrypt (Open Source Solution) Most of these tools can be used for full disk encryption or file/folder encryption
13 Encryption Performance
14 Encrypted Devices Camera Samsung Galaxy Camera Fully Encrypted! Available in the bookstore - $399 Voice Recorders Olympus DS $399 Philips LFH $499
15 Backup / Redundancy URMC File server data backed up for 30 days 14 Days on disk in the Primary Data Center 30 Days on encrypted tape in the Med Ctr Annex Full backups performed weekly Incremental backup performed daily
16 Compliance HIPAA Requires PHI to be encrypted at rest and in motion FISMA New grants may include FISMA security requirements Medium level security may require encryption of mobile devices and portable storage media PCI All cardholder data must be encrypted in transit Storing cardholder data significantly increases the cost to ensure compliance and is strongly discouraged
17 Recommended Practices All research data should have backup copies Minimize the use of unencrypted external hard drive, portable devices, and flash drives Store confidential and legally restricted data on network drives / shares Your research data may not contain patient information, but it should remain your data!
18 Places not to store your data Unencrypted Devices Local Hard Drive Cloud Storage Providers Dropbox Google Drive
19 Policies Information Security Policies, URMC UR Data Classification RMATION_TECHNOLOGY_POLICY.pdf
20 What to do in case of loss? Contact the URMC Information Security Office If the lost device is encrypted, no further action should be necessary
21 Destruction of Data Legally restricted and confidential data must be securely removed when no longer needed Hard drives should be securely wiped before disposal, leaving the organization, or reuse
22 Questions Contact URMC Information Security Office CISO:
SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices
SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices 8-27-2015 4-007.1 Supersedes 4-007 Page Of 1 5 Responsible Authority Vice Provost for Information
SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales
SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,
Storing and securing your data
Storing and securing your data Research Data Management Support Services UK Data Service University of Essex April 2014 Overview Looking after research data for the longer-term and protecting them from
Storage, backup, transfer, encryption of data
Storage, backup, transfer, encryption of data Veerle Van den Eynden UK Data Archive Looking after your research data: practical data management for research projects 5 May 2015 Overview Looking after research
Data storage, collaboration, backup, transfer and encryption
Data storage, collaboration, backup, transfer and encryption Scott Summers UK Data Archive Practical research data management 19 April 2016 Overview Looking after research data for the longer-term and
Data Integrity. Q: Is it OK to use Excel for data entry?
Data Integrity Q: Is it OK to use Excel for data entry? Data Integrity Q: Is it OK to use Excel for data entry? Still possible to sort a single column at a time (disaster!) No way of tracking changes made
Small Business IT Risk Assessment
Small Business IT Risk Assessment Company name: Completed by: Date: Where Do I Begin? A risk assessment is an important step in protecting your customers, employees, and your business, and well as complying
HC3 Draft Cloud Security Assessment
HC3 Draft Cloud Security Assessment Respondent Contact Information First Name: Grant Company: Ostendio Email: [email protected] Last Name: Elliott Company Address: Ostendio Date: 01/27/2015 Information
School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy
School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy Page 1 of 10 Contents 1 Preamble...3 2 Purpose...3 3 Scope...3 4 Roles and responsibilities...3
Keeping Data Safe. Patients, Research Subjects, and You
Keeping Data Safe Patients, Research Subjects, and You How do hackers access a system Hackers Lurking in Vents and Soda Machines By NICOLE PERLROTH APRIL 7, 2014 New York Times SAN FRANCISCO They came
Cloud Computing for Education Workshop
Cloud Computing for Education Workshop 2012 Copyright REZA CURTMOLA, NJIT Why Should You Learn This? Learn some useful software and services Backup and sync your materials for teaching Data reliability
Computer Storage. Computer Technology. (S1 Obj 2-3 and S3 Obj 1-1)
Computer Storage Computer Technology (S1 Obj 2-3 and S3 Obj 1-1) Storage The place in the computer where data is held while it is not needed for processing A storage device is device used to record (store)
Data Storage Options for Research
Research IT Office Data Storage Options for Research By Ashok Mudgapalli Director of Research IT Agenda Current Research Data Storage Current Data Backup Strategies Available Storage Solution: Enterprise
Research Information Security Guideline
Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different
HIPAA ephi Security Guidance for Researchers
What is ephi? ephi stands for Electronic Protected Health Information (PHI). It is any PHI that is stored, accessed, transmitted or received electronically. 1 PHI under HIPAA means any information that
CITY UNIVERSITY OF HONG KONG. Information Classification and
CITY UNIVERSITY OF HONG KONG Handling Standard (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification
Data Security Considerations for Research
Data Security Considerations for Research Institutional Review Board Annual Education May 8, 2012 1 PRIVACY vs. SECURITY What s the Difference?: PRIVACY Refers to WHAT is protected Health information about
HIPAA Training for Hospice Staff and Volunteers
HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you
COMPUTER SECURITY PRINCIPLES AND PRACTICES BY [email protected]
COMPUTER SECURITY PRINCIPLES AND PRACTICES BY [email protected] INTRODUCTION My Background Some questions for you Why computer security? Principle of Incarnation What this presentation covers (and
Auditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014
Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Auditing the Security and Management of Smart Devices ISACA Dallas Meeting
HIPAA Training for Staff and Volunteers
HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help
Encryption Policy Version 3.0
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
Information Technology Services Guidelines
Page 1 of 10 Table of Contents 1 Purpose... 2 2 Entities Affected by These Guidelines... 2 3 Definitions... 3 4 Guidelines... 5 4.1 Electronic Sanitization and Destruction... 5 4.2 When is Sanitization
Crystal Practice Management Encrypting the Database
Crystal Practice Management Encrypting the Database www.crystalpm.com 2013 Contents Overview... 1 Level of Encryption... 1 Why encrypt your Crystal Practice Management data?... 1 How to encrypt the database...
Virginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
Georgia Institute of Technology Data Protection Safeguards Version: 2.0
Data Protection Safeguards Page 1 Georgia Institute of Technology Data Protection Safeguards Version: 2.0 Purpose: The purpose of the Data Protection Safeguards is to provide guidelines for the appropriate
Information Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014
Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014 Agenda Introduction / Session Overview HIT Budgeting 101 Security and Compliance EHR budgeting HIT Where Are We Going Q & A 2 Copyright
Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and
Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected
Data Loss Prevention & Mobile Device Management
Data Loss Prevention & Suitable for any network size and any industry DLP for Windows, Mac and Linux Protecting the entire network Out-of-the-Box Solution to secure sensitive data from threats posed by
Introduction. Keeping Data Safe and Secure. Topics of Interest. Disclaimer. How Is Data Lost In General? Reasons for Data Loss by 3 rd Parties
Introduction Keeping Data Safe and Secure with Encryption and Online Services This session will look at two aspects of protecting your TRIO program s data through the use of data encryption and online
University of Cincinnati Limited HIPAA Glossary
University of Cincinnati Limited HIPAA Glossary ephi System A system that creates accesses, transmits or receives: 1) primary source ephi, 2) ephi critical for treatment, payment or health care operations
Altius IT Policy Collection Compliance and Standards Matrix
Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy
In the Cloud. Scoville Memorial Library February, 2013 [email protected]
In the Cloud Scoville Memorial Library February, 2013 [email protected] What is the Cloud? You may have heard people using terms like the cloud, cloud computing, or cloud storage. But what exactly is the
OIT OPERATIONAL PROCEDURE
OIT OPERATIONAL PROCEDURE Title: DATA CLASSIFICATION GUIDELINES Identification: OIT 1 Page: 1 of 5 Effective Date: 3/31/2014 Signature/Approval: Guidelines and Handling Procedure (9 10 ) specifies that
Management and Storage of Sensitive Information UH Information Security Team (InfoSec)
Management and Storage of Sensitive Information UH Information Security Team (InfoSec) Who Are We? UH Information Security Team Jodi Ito - Information Security Officer Deanna Pasternak & Taylor Summers
Encrypting your external USB drive on Windows
Encrypting your external USB drive on Windows To prevent your important or personal information from falling into the wrong hands, you can easily encrypt the files on your USB-drive with a password. Windows,
HiDrive Intelligent online storage for private and business users.
HiDrive Intelligent online storage for private and business users. Learn about our many product features! Contents 4 Everything, always and everywhere My file is your file Easy backup 5 Public folder Share
WINSCRIBE HARDWARE SPECIFICATIONS
WINSCRIBE HARDWARE SPECIFICATIONS Technology Overview proposes centralization of resources by providing a networked solution that fits into the existing framework of your server environment with minimal
CHAPTER 9 System Backup and Restoration, Disk Cloning
CHAPTER 9 System Backup and Restoration, Disk Cloning Learning Objectives After completing this lesson, you should be able to: i. Explain the method of doing data backup and restoration. ii. Describe the
Vs Encryption Suites
Vs Encryption Suites Introduction Data at Rest The phrase "Data at Rest" refers to any type of data, stored in the form of electronic documents (spreadsheets, text documents, etc.) and located on laptops,
Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, 2012. What Cloud Computing is and How it Works
Cloud Computing TODAY S TOPICS What Cloud Computing is and How it Works Security & Privacy Issues Investigative Challenges WHAT IS CLOUD COMPUTING? Cloud computing refers to software or processes offered
Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide
Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Executives, Business Managers Administrative & Operations Managers This appendix is a supplement to the Cyber Security:
What is the Cloud? Computer Basics Web Apps and the Cloud. Page 1
Computer Basics Web Apps and the Cloud What is the Cloud? You may have heard people using terms like the cloud, cloud computing, or cloud storage. But what exactly is the cloud? Basically, the cloud is
Mobile Device Security and Encryption Standard and Guidelines
Mobile Device Security and Encryption Standard and Guidelines University Mobile Computing and Device best practices are currently defined as follows: 1) The use of any sensitive or private data on mobile
Purpose: To comply with the Payment Card Industry Data Security Standards (PCI DSS)
Procedure Credit Card Handling and Security for Departments/Divisions and Elected/Appointed Offices Last Update: January 19, 2016 References: Credit Card Payments Policy Purpose: To comply with the Payment
Rule 4-004G Payment Card Industry (PCI) Remote and Mobile Access Security (proposed)
Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004G Payment Card Industry (PCI) Remote and Mobile Access Security (proposed) 01.1 Purpose
EndNote Collaboration
EndNote Collaboration 1 How Not To Share an EndNote Library Never store an EndNote working library (the.enl file and.data folder) on any cloud service for sharing, or even just for your own use. This will
Mobile Device Security Is there an app for that?
Mobile Device Security Is there an app for that? Session Objectives. The security risks associated with mobile devices. Current UC policies and guidelines designed to mitigate these risks. An approach
12 Key File Sync and Share Advantages of Transporter Over Box for Enterprise
WHITE PAPER 12 Key File Sync and Share Advantages of Transporter Over Box for Enterprise Cloud storage companies invented a better way to manage information that allows files to be automatically synced
Android support for Microsoft Exchange in pure Google devices
Android support for Microsoft Exchange in pure Google devices Note: The information presented here is intended for Microsoft Exchange administrators who are planning and implementing support for any of
Mobile Device Management (MDM) Policies. Best Practices Guide. www.maas360.com
Mobile Device Management (MDM) Policies Best Practices Guide www.maas360.com Copyright 2014 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential
Cloud Hosting For Existing ShopWorks Customers
Cloud Hosting For Existing ShopWorks Customers 1655 Palm Beach Lakes Blvd. Ste 708 West Palm Beach, FL 33401 Ph: 561-491-6000 Fx: 877-491-5860 Published: 10/29/14 Introduction To Cloud Hosting? Up until
Feature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
Managing BitLocker With SafeGuard Enterprise
Managing BitLocker With SafeGuard Enterprise How Sophos provides one unified solution to manage device encryption, compliance and Microsoft BitLocker By Robert Zeh, Product Manager Full-disk encryption
Cloud Hosting Option For New OnSite Customers
Cloud Hosting Option For New OnSite Customers 1655 Palm Beach Lakes Blvd. Ste 708 West Palm Beach, FL 33401 Ph: 561-491-6000 Fx: 877-491-5860 Published: 10/29/14 Introduction To Cloud Hosting? In the past
Android 4.0.4 Support on Galaxy Nexus, Nexus S, and Motorola Xoom for Microsoft Exchange Policies
Android 4.0.4 Support on Galaxy Nexus, Nexus S, and Motorola Xoom for Microsoft Exchange Policies Overview Requirements Supported Information Services Supported Security Policies Require password Require
10 Backing Up Windows 7
10 This chapter looks at the options that are available in Windows 7 for backing up your system. In some cases additional software may be supplied by the manufacturer of your computer to backup it up.
Mobile Device Management (MDM) Policies
Mobile Device Management (MDM) Policies Best Practices Guide Copyright 2012 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice.
Information Security. Annual Education 2014. Information Security. 2014 Mission Health System, Inc.
Annual Education 2014 Why? Protecting patient information is an essential part of providing quality healthcare. As Mission Health grows as a health system and activities become more computerized, new information
Northwestern IT Tech Talk
Northwestern IT Tech Talk Top 5 Tools for Securing Your Devices Mary Carp Data Security Analyst Northwestern Information Technology Information and Systems Security/Compliance May 19, 2016 Antimalware
activecho Driving Secure Enterprise File Sharing and Syncing
activecho Driving Secure Enterprise File Sharing and Syncing activecho Overview In today s enterprise workplace, employees are increasingly demanding mobile and collaborative solutions in order to get
Computer Backup Strategies
Computer Backup Strategies Think how much time it would take to recreate everything on your computer...if you could. Given all the threats to your data (viruses, natural disasters, computer crashes, and
Electronic Records Storage Options and Overview
Electronic Records Storage Options and Overview www.archives.nysed.gov Objectives Understand the options for electronic records storage, including cloud-based storage Evaluate the options best suited for
Data Centers and Cloud Computing. Data Centers. MGHPCC Data Center. Inside a Data Center
Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing Data Centers Large server and storage farms 1000s of servers Many TBs or PBs of data Used by Enterprises
