Research Security

Information Security Office partners with the Office of Research and Research Cyberinfrastructure Center to provide guidance and resources to research groups on campus to manage information security risk and maintain compliance.

Research Data Protection

1. Know your data and where it is stored – maintain an up-to-date inventory (e.g., laptops, PCs, servers, software, media (USB, CD-ROM, DVD), hosted cloud storage).

2. Back up data regularly and test periodically – online and offline. Backups need to be physically separate (on a different system) from the primary copy of data. There are services available on campus to assist with this.

3. Use strong passwords of at least 12 characters or more and multi-factor authentication (e.g., DUO).

4. Ensure anti-malware software is installed, running and up to date. Your local IT unit can assist in getting this in place.

5. Apply patches regularly and use supported operating systems and applications.

6. Consider housing your data in a managed on premise or enterprise-approved cloud environment, e.g., UCI’s Secure Research Environment (SRE) or Campus Research Storage Pool (CRSP), Microsoft OneDrive. These are existing services on campus and available to you.

7. Vet security practices of 3rd parties (e.g., SaaS Software-as-a-Service providers) before placing valuable research data in these environments and ensure compliance.

8. Delete inactive accounts.

9. Use encrypted secure remote access services such as virtual private network (i.e., VPN) when accessing systems remotely.

10. Remain vigilant in avoiding phishing and social engineering attacks.