The RTO Information Security team supports data privacy and the protection of research assets, including the security requirements for regulated research. The team supports research through general regulation awareness, consultation with researchers and compliance teams, direct involvement in projects, coordination and mediation with the University Technology Office (UTO) Information Security teams, and contract terms review for security requirements.
Additionally, the team provides representation within UTO for increased researcher support in data governance and applicable interests to provide effective university solutions to researchers, including the following:
- Direct support for research network classifications and categories.
- Coordinating classified research security requirements with ASURE.
- Dissemination of security news impacting research.
- HIPAA and ePHI data security controls consultations and architecture review.
- Security controls review for regulated research.
- Security review for acquired IoT supporting research operations.
- Reviewing security requirements for ORSPA.
- KE security analytics, searching and alert support.
- KE representation for security tooling and support from UTO.
- Consulting for application and server security, DevSecOps and secure development pipelines.
- Facilitation of the Controlled Research Working Group, a collaborative effort for alignment of secure research.
- Direct security support for vulnerability scanning, review, remediation, incident response and triage for KE/ASURE research projects.
- Exploit validation testing.
- Incident response assistance, including review, remediation and mediation with the ASU SOC.
- Website security best practices review and consultation.
- Security services for the Arizona Secure Research Environment.