Research Security Working Group

The Research Security Working Group is a sub-working group of the Information Security and Trust Advisory Board.

Security of research in higher education is an increasingly important topic. High profile attacks on security of research, combined with increased regulatory scrutiny from research funding groups, has increased the risks to the university. The Research Security Working Group’s (RSWG) mission is to review, evaluate, and make recommendations regarding securing research activities according to law, contract requirements, and/or acceptable practice to the STAB. 

RSWG members are appointed by the university’s Chief Information Security Officer (CISO) or designee, and may consist of staff representing the following areas within the university: 

  • Researchers from various university units
  • College/Unit Research Administrators
  • Technology Commercialization Office
  • Office of Research
  • Digital Security and Trust
  • Office of Technology and Digital Innovation 
  • Technology or security leaders of university units
  • Office of Legal Affairs (non-voting)
  • Internal Audit (non-voting)

 

Procedures and Meetings

The following provides the standard operations and procedures the RSWG will follow to fulfill its purpose and mission.

  1. Regular meetings: The RSWG will meet monthly.
  2. Ad hoc meetings: When, and if necessary, ad hoc meetings of the RSWG will be called by the CISO or designee in order to perform its responsibilities of reviewing and making recommendations with respect to research security in a timely manner.
  3. Organization: The CISO or designee will act as the facilitator of the RSWG (the “Facilitator”). The Facilitator will be responsible for scheduling and presiding over meetings and acting as secretary of the meetings.
  4. Presence at Meeting: In-person participation is preferred. Members may send designees to act on their behalf if they are not able attend a meeting.

 

Responsibilites

The RSWG will have the following objectives and responsibilites:

  1. Ensure research security guidelines, controls, or other procedures are established; are designed to appropriately manage the university’s exposure to information and technology risk; and ensure compliance with relevant laws and regulations, aligned to the greater university Information Security Framework.
  2. Recommend activities that will evaluate the current state of research security against existing requirements. 
  3. Work with support groups across the university to make recommendations for services to researchers which provide the appropriate security controls. 
  4. Identify security training for the research community, as required by regulation(s) or good practice, including content, delivery methodologies, frequencies, and appropriate trainers and forum for training.
  5. Review incidents and audit findings related to research security and recommend and monitor ongoing mitigation. 
  6. Perform other responsibilities as assigned by the STAB.