November 2024 | Expanding your communications channels - Do you know your campus government relations team? | Community Spotlight

Presented by:  Jay Gallman | Jeremy Hopkins | Melissa Vetterkind | Katie Lipe of Duke University

The flow of information on campuses can be quite complex, making it difficult to be sure that all the need-to-know parties are indeed aware of things that impact their work. For the over a year Duke has had formalized monthly meetings with our state and federal government relations team. This has allowed the IT Security Office and Government Relations to share concerns and provide information about coming regulatory changes that will affect campus and what the potential impact will be.  In this session the Government relations people will speak about their roles on campus entail, the IT Security Staff members will speak about their roles, and then we’ll discuss what we bring to the table when we meet. 

[Presentation | Meeting Recording]

May 2024

1. MITRE Resources shared by: Ingrid Skoog, Harvard University

2. Assessing and Pentesting our Enclave | shared by: Sam Porter, University of Maryland

3. Behind the Scenes: Insights from our Internal Audit | shared by: Irene Kopaliani, Princeton University

[Q&A | Presentation | Meeting Recording]

Presented By:  Mary Millsaps & Mardecia Bell, North Carolina State University

March 2024| Established Institutional Showcase

Proper governance can create a smooth path for awareness and buy-in of your regulated research program. Join North Carolina State University as they share how they’ve set up their governance. You’ll learn what roles are participating and how decisions are made. [Presentation | Q&A | Meeting Recording]

Institutional Showcase Presented By: 

• Dr. Erik Deumens, University of Florida

• Andrew Hicks, Frazier & Deeter

• Ryan Patrick, HITRUST

December 2023 | Established Institutional Showcase

University of Florida, with auditor Frazier & Deeter, and the HITRUST Alliance will present the story of certifying HiPerGator for Protected Health Information (PHI).

[Presentation + Q&A | Meeting Recording ]

Presented By: 

• Winston Armstrong, San Diego Supercomputing Center

• Kira Dunn, UC San Diego

• Carolyn Ellis, UC San Diego

• Lillian Maestas, UC San Diego

• Mike Snyder, Cyber-AB

November 2023 | Established Institutional Showcase

UC San Diego will present on their Learning Assessment handled with the lead assessor also being Cyber-AB's curriculum manager. The primary goal here was to address how Research Institutions are different from the standard assessment. [Q&A | Presentation | Meeting Recording ]

Presented By: Barbara Schnell & Silas Korb, University of Colorado, Boulder

October 2023 | Established Institutional Showcase

Institutional Showcase

University of Colorado, Boulder, will share the lessons learned from their recent C3PAO gap assessment of their enclave.

[Q&A | Presentation | Meeting Recording]

Presented By: Anurag Shankar, Indiana University

August 9, 2023  Established Institutional Showcase

Anurag Shankar from Indiana University shared his experiences establishing the NIST RMF at IU and provide useful tips like what to do when writing SSPs and what not to do during assessments.  [ Presentation + Q&A | Meeting Recording]

Presented by:  Irene Kopaliani and Curt Hillegas, Princeton University

October 12, 2022 | Institutional Showcase

“Convenience vs Security” Irene Kopaliani and Curt Hillegas discusses how Princeton University strikes a balance between convenience and security.

[Presentation + Q&A | Meeting Recording]

Presented By: Tammie McClellan, University of Central Florida

November 9th, 2022 | Institutional Showcase

[Presentation and Q&A | Meeting Recording]

Presented by: H. Birali Runesha and Steven Aldape, University of Chicago

November 9th, 2022 | Institutional Showcase

The UChicago Security Research Data Strategy (SRDS) and Secure Data Enclave (SDE): The journey and lesson learned.

[Presentation and Q&A | Meeting Recording]

Presented By: 

• Laura Raderman, Carnegie Mellon University

September 14, 2022 |Established Institutional Showcase & Discussion 

Compliance Journey

• • • Laura Raderman shared Carnegie Mellon University's journey to NIST 800-171 compliance including challenges, developing templates, setting up several enclaves, and the external audits they've participated in. 

    • Community Check-in discussion. What should we focus on as a community? Opportunities for engagement. Note: portion was not recorded, but notes do exist following the slide deck. [Presentation + Q&A | Meeting Recording]

Presented By: 

• Anurag Shankar, Indiana University

• Michael Parisi, HITRUST

July 13, 2022| Training Topic 

HIPAA and Protected Health Information (PHI) have been a presence within healthcare and medical schools since 2005. In the years since, they have been a leaking steadily into central IT and HPC centers as biomedical research computing needs have grown. This month Anurag Shankar from Indiana University talks about how IU implemented HIPAA for its central research cyberinfrastructure in 2007 and how its approach has evolved since then.

HITRUST presents the various resources, tools and solutions available for organizations to leverage in managing risk and compliance in the most efficient and effective way possible.  They walk through how their programs allow organizations to “assess once, report many” as it relates to executed one validated assessment to provide assurances over compliance with multiple authoritative sources including HIPAA, NIST, CMMC, ISO, etc.

 [Presentation + Q&A | Meeting Recording]

Presented By: Anurag Shankar, Indiana University

April 13, 2022 | Established Institutional Showcase | Making FAQs & Documentation More User Friendly Communicating security and compliance to campus researchers is a challenge for institutional cybersecurity. Anurag Shankar from Indiana University talks about how IU is meeting this challenge through its SecureMyResearch service which uses a new approach to weaving security and compliance into research workflows through online documentation and consulting. [Presentation + Q&A | Meeting Recording]

Presented By: 

• Eric Gill, Georgia Tech

• Cal Frye, Case Western Reserve University

March 9, 2022 | Established Institutional Showcase | System Security Plan Innovators Check out what Georgia Tech and Case Western Reserve University are doing to streamline their SSPs. Eric Gill of Georgia Tech shares how they process and track multiple SSPs in a highly distributed environment. Cal Frye of Case Western Reserve shares and request community feedback on their proposed plan to make their SSP a sustainable, living document. [Presentation + Q&A | Meeting Recording]

Presented By: 

• Erik Deumens, University of Florida

• Preston Smith, Purdue University

February 9, 2022 | Established Institutional Showcase | Financials & Cost Model History of Purdue University and University of Florida. Presentations include: Preston Smith of Purdue University and the 7 years of cost models with the lessons learned. Erik Deumens discusses University of Florida's journey to their current cost model. [Presentation + Q&A | Meeting Recording]