Building Effective and Efficient Research Security Programs
Geting Started
A broad approach to building effective and research security programs
5 Ws and an H
Identifing the answers to 5 simple questions helps scope the engagement and resourcing
When - Timing and length Where - Where will you make impact (indivduals, teams, services) Who - The audiance (researchers, staff, students) What - What you intend to impact with the engagement (capability, simplification, culture, policy) Why - Is there an external driver or internal improvement? How - The plan: getting executive support, marketing, training, consulting, measurement, reporting, closure.
Think Like a Researcher
We must find the balance between compulsory and optional. Researchers don't like being told that they must do something, so we need to build the story of why they are being asked to do this and then make it as easy as possible for them to comply.
Understand the challenges they face on a day to day basis. Take the questions they ask as they begin and execute a project then create the map to the answers. It is very likely they are spread across teams, services, platforms, or even specific individuals. That is a massive barrier to a someone solving their own problems, which researchers are very good at! They aren't good at intuiting the solution you think they should choose unless they know it's an option.
Align services as answers to questions in single platform, service, or space. Map activities to the research lifecycle and how each one can be accessed, leveraged, or simply requested to help them achieve and maintain compliance
Telling the Story
You need executive buy in and support prior to rolling these programs out to researchers. Researchers will ask their deans, department heads, and DVCRs directly Why?
, and they need to be able to answer it concisely and completely. Provide metrics, statistics, and easy to share material to make those discussions easier. Here are some examples
Resources
2018 IT Risk Report, Netwrix Backblaze Hard Drive Stats Q3 2023 Gov UK Education Cybersecurity breaches Data Breach Numbers