My responsibility as a researcher
Information security for researchers.
Terms you should know
- LSIS (information security management system, in Norwegian): A collection of documents about how UiO handles information security.
- Personal data/information: What is personal data and what is sensitive data?
- What is the difference between storing and processing personal data? The same requirements apply to both storing and processing. You cannot store the data in one place and process them elsewhere; both should be done in the same place.
- Read more about privacy in research here.
IT systems and other equipment
- know what IT systems are being used in your research
- know who operates these systems
- always keep the system updated
- make sure that the system is registered with USIT or via the registration application (Norwegian). Most IT systems used in research process personal data and should be registered.
- be extra aware when technical equipment is accompanied by computer equipment or its own web solutions
- know what administrative and technical requirements USIT sets for IT systems, computers and users. Read more about this in LSIS (Norwegian).
- include local IT and USIT when phasing in new IT systems and phasing out old ones
- involve local IT and USIT in the operation of the IT systems
- be sure that the IT systems are integrated in the correct way with the rest of UiO's IT systems
- report IT systems with special needs for exceptions to USIT
- take care that old systems are phased out or given special attention, e.g. incorporated into the labnet service
- have regularly scheduled run-throughs of the systems to discover what changes have been made in other related systems that may give new opportunities or challenges
- familiarize yourself with the part of LSIS that is about classification of information
- know where you can store different types of research
- make sure that your team has approved shared disks (Norwegian) for sharing data. Local IT can help you with this.
- make sure that local IT is familiar with your research, including what data is being processed and who you are cooperating with
- make sure that data exchanged with other environments is exchanged safely and correctly
- make sure that data with protection needs (yellow, red or black data) does not end up without encryption on loose hard disks or USB units
- make sure that you and your team do not store black data outside of the services made for this kind of data. In practice, this largely means TSD.
- be extra attentive when data is transferred to laptops
- ensure that access to the systems in question is assigned and revoked with the help of good, written routines which are regularly revised
- ensure that local IT is involved in access control and is familiar with what mechanisms are used. This includes, for example, Cerebrum groups.
- ensure that regular users do not operate the systems
- ensure that people from other environments who are using the systems have access the right way, for example via WebLogin, UHAD or Feide.
- ensure that the systems do not have local or impersonal users unless there is a special reason for it.
Published Nov. 30, 2018 10:34 AM - Last modified May 3, 2019 12:08 PM