Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Storage & Security Dr Alastair F. Brown Head of Computing MRC Human Genetics Unit MRC Institute of Genetics and Molecular Medicine The University.

Published bySemaj Jefcoat Modified over 10 years ago

Similar presentations

Presentation on theme: "Data Storage & Security Dr Alastair F. Brown Head of Computing MRC Human Genetics Unit MRC Institute of Genetics and Molecular Medicine The University."— Presentation transcript:

1

2 Data Storage & Security Dr Alastair F. Brown Head of Computing MRC Human Genetics Unit MRC Institute of Genetics and Molecular Medicine The University of Edinburgh DIY Research Data Management Training Kit for Librarians

3 Purpose of This Presentation Topic Overview Fill some gaps Real life examples

4 Topic Overview Where to store data –Local Drive, Network Drive, Cloud –Consider: Capacity & Access by co-workers Data backup –Disaster Recovery (Business Continuity) –Long Term Backup (Archiving) Data security –Corruption or Loss (hardware failure or data deletion) –Confidentiality (personal or intellectual property)

5 Digression on Two Issues Two issues which are often overlooked but are worth highlighting are –Usernames and passwords: they are so common users often forget they are still a key part of security on most systems –Public WiFi hotspots: safe or not?

6 Usernames and Passwords If possible NEVER use your username as your e-mail address e.g. fbloggs27@staffmail.ed.ac.uk… –…always use an alias e.g.: Fred.Bloggs@ed.ac.uk –with a valid username, the bad guys only have to guess your password Do not write passwords on Post-Its/say them out loud Do not use untrusted computers (e.g. internet café) Do not use the obvious (car reg., phone no., pets name) Do not use any dictionary words (including foreign)

7 Public WiFi Do not be afraid of WiFi hot spots –Just be careful –Treat them as untrusted computers… –…unless you use a VPN* connection. * A Virtual Private Network link provides end- to end encryption between your laptop and the system you are connecting to.

8 Example 1 – Who Needs Passwords? I dont need a good (or any) password because…: –I have no important/private information in my data area –I dont care if someone else can read my files Any authorised access is a first step for the bad guys –And they may just delete all your work –Or worse, change your data which you may not notice Though you have no sensitive files, you may have access to parts of the system which DO A security hole within the system may be exploited once the bad guys have gained access by legitimate means

9 Example 2 – Backup for How Long? Researcher has accumulated several years of data and software on a departmental computer backed up remotely every day Researcher leaves for another job Replacement not found for 6 months Replacement tries to log on to computer to find the hard disk had failed 5 months previously Asks for a backup to be restored to a new disk, but discovers that backup tapes are recycled after 4 months Result – misery!

10 Example 3 – Sharing Personal Data Share a database between 3 sites –Data are clinical in nature, mostly images –User uses a database program specially written –User assures Sysadmin that all data in database are encrypted Solution: –Place database in DMZ (Demilitarised Zone) with very tight firewall restrictions –Only specific workstations at the 3 sites can connect to the database server –Connection to server requires username/password –As does access to database itself and to decrypt the data

11 Example 3 – [continued] Problem – user had not checked how the database worked –Sysadmin asked the right questions… –…but trusted the users answers –The database contents were encrypted but… –The database contained only pointers to the images –The images were stored as plain files, unencrypted, in a folder/directory outside the database! –And to make matters worse, the user decided to keep all their clinic appointment and follow up letters in the same directory – these were Word documents (not even password protected!!) Result – a close shave! –Good example of defensive, multi-level security

12 Example 4 – Wheres the Metadata? PI needs data generated by a post-doc 3 years previously – data are on backup/archive tapes –PI knows the directory/filenames and dates –Data files are restored from tape –Data files are DNA sequences with no annotations and no metadata files –PI cannot find lab notebook of post-doc –Post-docs memory does not persist for 3 years Result – misery!

13 Thank You Questions? Alastair.Brown@igmm.ed.ac.uk

14

Download ppt "Data Storage & Security Dr Alastair F. Brown Head of Computing MRC Human Genetics Unit MRC Institute of Genetics and Molecular Medicine The University."

Similar presentations

Information Management and Technology

Information Management and Technology
Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.

Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.
ClearCube Data Failover 3.0 Overview and Demonstration Rev. 5-30-03.

ClearCube Data Failover 3.0 Overview and Demonstration Rev
A new standard in Enterprise File Backup. Contents 1.Comparison with current backup methods 2.Introducing Snapshot EFB 3.Snapshot EFB features 4.Organization.

A new standard in Enterprise File Backup. Contents 1.Comparison with current backup methods 2.Introducing Snapshot EFB 3.Snapshot EFB features 4.Organization.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
This presentation will take a look at to prevent your information from being discovered by and investigator.

This presentation will take a look at to prevent your information from being discovered by and investigator.
A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.

A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.

Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.

Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.
Basic Data Safety Practices That Can Prevent Malpractice Claims & Ethics Violations Grant County Bar Association June 14, 2011 Kim J. Brand PresidentFounder.

Basic Data Safety Practices That Can Prevent Malpractice Claims & Ethics Violations Grant County Bar Association June 14, 2011 Kim J. Brand PresidentFounder.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
File Transfer Methods : A Security Perspective. What is FTP FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol.

File Transfer Methods : A Security Perspective. What is FTP FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol.
Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Similar presentations

Ads by Google