Introducing SAaaS: Security Assessments as a Service for Research

A common requirement for large, complex or unique research initiatives taking place in and across health authorities and involving the handling of sensitive information is the completion of a privacy impact assessment (PIA) and/or security threat & risk assessment (STRA). Often, by the time consultation for the STRA process is initiated, the research project will have received ethics approval and developed or identified the platform or service it is intending to deploy. The research group may be eager to proceed, and modifications to the platform based on security assessment findings can be difficult to fully implement at that stage. To help move researchers through the security assessment process, the Sensitive Research Team at UBC Advanced Research Computing has begun to offer STRAs as a complementary service for UBC researchers requiring security assessments. This presentation will introduce the Security Assessment service offered by ARC, examine how research projects are referred for assessment, speak to how we see the process evolving in the future, and will review key areas of inquiry in the consultation and discovery/intake process serving also as a primer on some key security gaps commonly encountered in the research STRA process.

 

Speakers 

Luc Letarte

Security Analyst - Sensitive Research | UBC Advanced Research Computing

Luc Letarte is a cybersecurity analyst with the Advanced Research Computing department at the University of British Columbia. He is a graduate from the University of Quebec in Montreal, and holds IT experience in different segments of the public and private sector including financial, legal and health care. He specializes in governance for information privacy and information security.

 

session recording