Cybersecurity and Research are not a Dichotomy: How to form a productive operational relationship between research computing and data support teams and information security teams
Article No.: 67, Pages 1 - 4
Abstract
Cybersecurity and research do not have to be opposed to each other. With increasing cyberattacks, it is more important than ever for cybersecurity and research to corporate. The authors describe how Research Liaisons and Information Assurance: Michigan Medicine (IA:MM) collaborate at Michigan Medicine, an academic medical center subject to strict HIPAA controls and frequent risk assessments. IA:MM provides its own Liaison to work with the Research Liaisons to better understand security process and guide researchers through the process. IA:MM has developed formal risk decision processes and informal engagements with the CISO to provide risk-based cybersecurity instead of controls-based. This collaboration has helped develop mitigating procedures for researchers when standard controls are not feasible.
References
[1]
Andrew Adams, Craig Jackson, Ryan Kiser, Mark Krenz, Jim Marsteller, Barton P. Miller, Sean Peisert, Scott Russell, Susan Sons, Von Welch, John Zage, Kay Avila, Jim Basney, Dana Brunson, Robert Cowles, Jeannette Dopheide, Terry Fleury, Elisa Heymann, and Florence Hudson. 2019. Trusted CI Experiences in Cybersecurity and Service to Open Science. In Proceedings of the Practice and Experience in Advanced Research Computing on Rise of the Machines (learning) - PEARC ’19, ACM Press, Chicago, IL, USA, 1–8.
[2]
Jason Christopher, Gary Jung, and Christopher Doane. 2019. Making it More Secure: The Technical and Social Challenges of Expanding the Functionality of an Existing HPC Cluster to Meet University and Federal Data Security Requirements. In Proceedings of the Practice and Experience in Advanced Research Computing on Rise of the Machines (learning) - PEARC ’19, ACM Press, Chicago, IL, USA, 1–5.
[3]
Erik Deumens, Thomas Samant, Eric Byrd, Samuel Porter, Axel Haenssen, Curtis W. W. Hillegas, Elizabeth Holtz, and Irene Kopaliani. 2021. Secure Research Infrastructure Using tiCrypt. In Practice and Experience in Advanced Research Computing, ACM, Boston MA USA, 1–8.
[4]
Kuan-Ching Li, Nitin Sukhija, Elizabeth Bautista, and Jean-Luc Gaudiot (Eds.). 2022. Cybersecurity and high-performance computing environments: integrated innovations, practices, and applications (First edition ed.). CRC Press, Boca Raton, FL.
[5]
Deb McCaffrey, John Brussolo, Ryan Echlin, John Herlocher, Einor Jacobsen, Lovida Roach, Amy Yamasaki, Dan St. Pierre, and Erin Dietrich. 2021. Research Liaisons: the next layer of Facilitation: Research Liaisons. In Practice and Experience in Advanced Research Computing, ACM, Boston MA USA, 1–6.
[6]
Laura A. Odell. 2016. Data to Decisions—Terminate, Tolerate, Transfer, or Treat. Institute for Defense Analyses, Alexandria, VA. Retrieved from https://apps.dtic.mil/sti/pdfs/AD1106083.pdf
[7]
Sean Peisert, Eli Dart, William Barnett, Edward Balas, James Cuff, Robert L Grossman, Ari Berman, Anurag Shankar, and Brian Tierney. 2018. The medical science DMZ: a network design pattern for data-intensive medical science. Journal of the American Medical Informatics Association 25, 3 (March 2018), 267–274.
[8]
Wirawan Purwanto, Hongyi Wu, Masha Sosonkina, and Karina Arcaute. 2019. DeapSECURE: Empowering Students for Data- and Compute-Intensive Research in Cybersecurity through Training. In Proceedings of the Practice and Experience in Advanced Research Computing on Rise of the Machines (learning) - PEARC ’19, ACM Press, Chicago, IL, USA, 1–8.
[9]
Isuru Ranawaka, Suresh Marru, Juleen Graham, Aarushi Bisht, Jim Basney, Terry Fleury, Jeff Gaynor, Dimuthu Wannipurage, Marcus Christie, Alexandru Mahmoud, Enis Afgan, and Marlon Pierce. 2020. Custos: Security Middleware for Science Gateways. In Practice and Experience in Advanced Research Computing, ACM, Portland OR USA, 278–284.
[10]
Shivam Trivedi, Lev Gorenstein, Erik Gough, Alex Younts, Xiao Zhu, Lauren Featherstun, Nathan DeMien, Callum Gunlach, Sagar Narayan, Jacob Sharp, Brian Werts, Lipu Wu, and Carolyn Ellis. 2019. PULSAR: Deploying Network Monitoring and Intrusion Detection for the Science DMZ. In Proceedings of the Practice and Experience in Advanced Research Computing on Rise of the Machines (learning) - PEARC ’19, ACM Press, Chicago, IL, USA, 1–8.
Recommendations
Cybersecurity vs. Information Security
AbstractProtection of data assets is a hot trend topic that is attracting considerable interest worldwide. There are different concepts revolving security of data including cybersecurity and information security. Cybersecurity and information security ...
Countermeasures and their taxonomies for risk treatment in cybersecurity: A systematic mapping review
Highlights- 26 catalogues/taxonomies of cybersecurity countermeasures were identified.
- Catalogues/taxonomies mainly focus on general cybersecurity risks or cyberattacks.
- Specific countermeasure taxonomies focus mostly on critical ...
AbstractCybersecurity continues to be one of the principal issues in the computing environment. Organizations and researchers have made various efforts to mitigate the risks of cyberspace. The treatment of cyber risk is a fundamental stage in risk ...
Graphical abstractDisplay Omitted
Taxonomy of information security risk assessment (ISRA)
Information is a perennially significant business asset in all organizations. Therefore, it must be protected as any other valuable asset. This is the objective of information security, and an information security program provides this kind of ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
July 2022
455 pages
ISBN:9781450391610
DOI:10.1145/3491418
Copyright © 2022 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 08 July 2022
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
Acceptance Rates
Overall Acceptance Rate 133 of 202 submissions, 66%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 145Total Downloads
- Downloads (Last 12 months)21
- Downloads (Last 6 weeks)0
Reflects downloads up to 01 Nov 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format