Whether you are looking for answers regarding cybersecurity and privacy practices; learn more about UBC requirements; how to assess the security posture of your project; or require a deep dive into a solution to identify security risks; UBC Advanced Research Computing (ARC) is here to help. Consult the list of services and resources below and select the one that best matches your needs.
Security Consultation
A security consultation consists of an in person, phone, or virtual consultation between ARC and the research project team. During this consultation, ARC will respond to your security and privacy questions and provide guidance based on UBC policies, standards, and cybersecurity good practices.
Security Compliance Checklist
The ARC security compliance checklist covers high-level information security for a solution. It contains a list of items to verify for both compliance with UBC Security Policy and Standards as well as good cybersecurity practices. Note that this document is not solution specific and will not be reviewed.
Security Threat Risk Assessment - STRA
In addition to verifying compliance with UBC Information Systems policy and standards, a STRA also includes identification of potential security threats, gaps, risks as well as recommendations to help secure your research environment.
Based on the research project, the assessment type may be defined as follows:
STRA Level 1
The STRA Level 1 includes collection and analysis of high-level solution information at a specific time, and an assessment of this solution to identify possible threats. It is designed to identify the most prominent gaps in lower risk solutions (e.g.: projects collecting, processing and/or storing information classified as Low Risk or Medium Risk and/or using UBC supported services).
STRA Level 2
The STRA Level 2 consists of a thorough analysis of the solution and all associated components to identify any gaps or security risks. It includes everything from the level 1 assessment plus detailed technical, security, privacy, and governance information about the solution. Participation of the solution provider will be required. Technical understanding of the solution is recommended (e.g.: Research projects collecting, processing and/or storing information classified High or Very-High risk, or projects using a complex infrastructure).
STRA FAQ
What a STRA?
A Security Threat Risk Assessment (STRA), is an analysis of a project’s security posture. For UBC research projects, the STRA includes: collection of information, processing, storage, as well as security, privacy and governance. The information collected is then analyzed to identify possible threats, gaps and associated security risks.
Why should I complete a STRA?
As research information custodians, researchers are accountable and responsible to ensure the information collected, processed and stored is properly secured from un-authorized access, disclosure, modification or deletion. Completing a STRA is an effective method to ensure significant gaps in an architecture are addressed, and possibly prevent cybersecurity incidents. Additionally, a STRA allows a research group to ensure UBC information security requirements are met.
How long does it take to complete a STRA?
Delivery time may vary depending on the level of STRA completed as well as current workload. ARC is committed to providing the STRA service in a reasonable time to researchers.
I have a time sensitive matter; can I get the service expedited?
At this time, expedited services are not available due to resources constraints. STRAs are offered on a first-come first-serve basis, but we will make the best effort to deliver the service to your research project as quickly as we can.
When should I start the STRA process?
It is best to start the STRA process prior to an agreement being signed with the solution provider, and prior to implementation, but only once the solution's architecture has been selected. A STRA requires collection of technical information that will generally be available after the solution's architecture has been defined. Engaging in the STRA process sooner than later is recommended as this can allow flexibility for possible changes to be made prior to deployment.
What is the outcome of a STRA?
Once the assessment is completed, the requester will receive a STRA report including findings, priority as well as recommendations for mitigation.
Can ARC implement security controls for my research project?
ARC does not provide technical implementation services at this time.
System Security Plan
A System Security Plan (SSP) is a document defining the architecture, and security controls of a research solution/project at high level. The plan is created by ARC, in collaboration with the researcher and IT at UBC. It is designed to document the controls and procedures in place for a specific research project (e.g.: In a grant application).
Research with Private-Sector Partners or Advanced/Emerging Technologies
If you are planning to apply for federal government funding for research that involves a private sector partner, or that could be advancing a sensitive technology research area, you should be aware of potential implications or requirements relating to research security. UBC's Research Security team can support you to learn more about those requirements and implement best practices to safeguard your research.
Resources
Planning Research with Security and Privacy in Mind
New project coming? Don't forget security and privacy considerations during planning.
OneDrive and Teams for Research
Did you know some UBC research information can be stored on the UBC Microsoft cloud? Learn more about the requirements and best practices when using these tools.
Sharing Research Information
Learn more about UBC requirements and best practices when sharing research information.
ARC Sockeye Security and Privacy
Learn more about how we protect your research information when using our ARC Sockeye service.
ARC Chinook Security and Privacy
Learn more about how we protect your research information when using our ARC Chinook service.
ARC REDCap Security and Privacy
Learn more about how we protect your research information when using our ARC REDCap service.
Can’t find what you are looking for?
Send us an email at arc.suport@ubc.ca to talk to one of our subject matter experts.