meeting disciplinary challenges in research data management planning – march 23 rd 2012 data...
Post on 01-Apr-2015
215 Views
Preview:
TRANSCRIPT
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
Data Management Planning for Secure Services (DMP-SS)
†Tito Castillo, †Stelios Alexandrakis, †Anthony Thomas, †Michael Waters, *Phil
Curran, *Kevin Garwood†UCL Institute of Child Health
*MRC Unit for Lifelong Health and Ageing
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
DMP-SSData Management Planning for Secure Services
The Digital Curation Centre has developed DMPOnline to assist researchers with the design of structured and standardised data management plans.
Data management planning involves consideration and application of effective information security.
Question: Can we harness aspects of DMPOnline to assist with the establishment of a formal Information Security Management System (ISMS)?
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
Summary• The project seeks to develop an Information Security
Management System (ISMS) • ISO-27001:2005
• ISMS designed to operate with a local registry of data management plans
• Health and social science surveys are standardising on DDI as the method for metadata representation
• Local DMP registry will extend DDI top accommodate the DMPOnline checklist.
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
Information Security Management Systems
International standard for information securityISO-27001:2005
Describes requirements (i.e. what you ‘shall’ do)
Independently audited
Associated code of practice ISO-27002:2005
Provides guidance (i.e. what you ‘should’ do)
An ISMS is dynamic
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
Objectives
Extend DMPOnline checklist through a formal object model for data management planning
Create a local DMP repository service by extension of the DDI 3.x standard to accommodate elements of the DMP object model.
Develop suitable web-services from the local DMP repository to allow for search and retrieval of data management plans contained within the repository
Develop the necessary functional components for an ISO-27001 compliant ISMS
asset and risk registers controls and assurance records document management system
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
DMP-SS ProjectData Management Planning for Secure Services
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
DMPOnline Checklist
The DMPOnline checklist provides a taxonomy of questions relating to the planned use of data assets within a research project
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
ISO 27001 controls taxonomy
The standard proposes a taxonomy of controls and associated assurance mechanisms that may be applied by an organisation to reduce the risk to specified information assets.
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
Information Security Management System (ISMS) Development
PLAN
Management Support
Define ISMS Scope
Create Asset Register
Risk Assessment
Risk Treatment Plan
Statement of Applicability
DO
ISMS Implementation Programme
Create ISMS
ISMS
CHECK
Compliance Review
Stage 1 Audit
Stage 2 Audit
ISO-27001 Certification
ACT
Corrective Action
Corrective Action Procedure
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
DataManagementPlan
InformationSecurityManagementSystem
Relationship betweenDMP and ISMS
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
What is DDI?
• Data Documentation Initiative (DDI)– XML metadata specification– Describes the study, datasets, supporting docs & other external resources– DDI Alliance
• DDI version 1.0-2.1– focus is on the archive / preservation / dissemination– Has been around since 2000. – Widely used and tools available
• DDI version 3.0-3.1– Encompasses the entire survey life cycle– Initial version released in 2009. – Early adoption stage and tools in development
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
DDI ‘life-cycle’ standard
Metadata descriptors of data management process.
….. from conceptualisation through to archival.
Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012
Project Workpackages1. Adaptation of DMP Online
• DCC develop web service API
2. DDI Repository development• Metadata Technology develop formal model of DMP and extend DDI repository
3. Risk assessment tool development• ICH develop ISMS (database and document management system)
4. Stakeholder Engagement• Pilot studies
5. Reporting
top related