The Advanced Research Computing, Research Cybersecurity and Compliance team is pleased to announce the availability of our improved Security Threat Risk Assessment (STRA) process. An STRA analyzes the security posture of a research project or service. For UBC research, it includes reviewing how information is collected, processed, and stored. It focuses on compliance with UBC cybersecurity requirements found in the UBC Information Security Standards. The assessment identifies potential threats, gaps, and associated risks. This new process asks a minimal number of questions to automatically assess the risk of a project or service and then route the request either to generate an automatic report or for review by a research cybersecurity and compliance specialist.
STRAs may be required to meet institutional policies, regulations, funding agency requirements, ethics board expectations, or contractual obligations. Not sure if you need one? Check the use cases under "Are research project treated differently" (https://privacymatters.ubc.ca/pia-stra/frequently-asked-PIA-questions)
For more information about research STRA and other services please see: https://arc.ubc.ca/security-privacy#stra