Research Cybersecurity and Privacy Services

The STRA Level 1 includes collection and analysis of high-level solution information at a specific time, and an assessment of this solution to identify possible threats. It is designed to identify the most prominent gaps in lower risk solutions (e.g.: projects collecting, processing and/or storing information classified as Low Risk or Medium Risk and/or using UBC supported services).

The STRA Level 2 consists of a thorough analysis of the solution and all associated components to identify any gaps or security risks. It includes everything from the level 1 assessment plus detailed technical, security, privacy, and governance information about the solution. Participation of the solution provider will be required. Technical understanding of the solution is recommended (e.g.: Research projects collecting, processing and/or storing information classified High or Very-High risk, or projects using a complex infrastructure).

What a STRA? 
A Security Threat Risk Assessment (STRA), is an analysis of a project’s security posture. For UBC research projects, the STRA includes: collection of information, processing, storage, as well as security, privacy and governance. The information collected is then analyzed to identify possible threats, gaps and associated security risks.  

Why should I complete a STRA? 
As research information custodians, researchers are accountable and responsible to ensure the information collected, processed and stored is properly secured from un-authorized access, disclosure, modification or deletion. Completing a STRA is an effective method to ensure significant gaps in an architecture are addressed, and possibly prevent cybersecurity incidents. Additionally, a STRA allows a research group to ensure UBC information security requirements are met.  

How long does it take to complete a STRA? 
Delivery time may vary depending on the level of STRA completed as well as current workload. ARC is committed to providing the STRA service in a reasonable time to researchers.  

I have a time sensitive matter; can I get the service expedited? 
At this time, expedited services are not available due to resources constraints. STRAs are offered on a first-come first-serve basis, but we will make the best effort to deliver the service to your research project as quickly as we can.  

What is the outcome of a STRA? 
Once the assessment is completed, the requester will receive a STRA report including findings, priority as well as recommendations for mitigation.  

Can ARC implement security controls for my research project? 
ARC does not provide technical implementation services at this time.