Research Security Working Group

The Research Security Working Group (RSWG) is a sub-working group of the Information Security Advisory Board (SAB).

Security of Research in Higher Education is an increasingly important topic.  High profile attacks on Security of Research, combined with increased Regulatory scrutiny from research funding groups, has increased the risks to the university.  The RSWG’s mission is to review, evaluate and make recommendations regarding securing research activities according to law, contract requirements, and acceptable practice to the SAB.

RSWG members are appointed by the University’s Chief Information Security Officer (CISO) or designee, and may consist of staff representing the following areas within the University:

  • Practicing Researchers from multiple university units
  • College/Unit Research Administrators
  • Technology Commercialization Office
  • Office of Research
  • Enterprise Security
  • Office of the Chief Information Officer
  • Technology or security leaders of other University units
  • Office of Legal Affairs (non-voting)
  • Internal Audit (non-voting)

Procedures and Meetings

The following provides the standard operations and procedures the RSWG will follow to fulfill its purpose and mission.

  1. Regular meetings: The RSWG will meet monthly.
  2. Ad hoc meetings:  When and if necessary, ad hoc meetings of the RSWG will be called by the CISO or designee in order to perform its responsibilities of reviewing and making recommendations with respect to Research security in a timely manner.
  3. Organization.  The CISO or designee will act as the facilitator of the RSWG (the “Facilitator”). The Facilitator will be responsible for scheduling and presiding over meetings and acting as secretary of the meetings.
  4. Presence at Meeting:  In-person participation is preferred. Members may send designees to act on their behalf if they are not able attend a meeting.

Responsibilites

The RSWG will have the following objectives and responsibilites:

  1. Ensure Research security guidelines, controls or other procedures are established, that are designed to appropriately manage the university’s exposure to information and technology risk, and ensure compliance with relevant laws and regulations, aligned to the greater University Information Security Framework.
  2. Recommend activities that will evaluate the current state of Research Security against existing requirements.
  3. Work with support groups across the University, to make recommendations for services to Researchers which provide the appropriate Security controls.
  4. Identify Security training for the research community, as required by regulation or good practice.  Includes content, delivery methodologies, frequencies, and appropriate trainers and forum for training.
  5. Review incidents and audit findings related to Research Security, and recommend and monitor ongoing mitigation.
  6. Perform such other responsibilities as the Information Security Advisory Board may assign it from time to time.