Cyber Summit 2016: A square peg in a round hole: Re-designing high performance computing infrastructure to meet privacy and ethical requirements associated with sensitive research data

•

1 gefällt mir•213 views

Traditionally, natural sciences have predominantly leveraged High Performance Computing (HPC) infrastructure within academic environments, where significant computational resources have enabled astronomers to engage in the simulation modeling of stars and galaxies, or physicists to study proton- proton collisions. With the emerging use of HPC for social and health sciences, additional controls must be implemented to ensure compliance with legislative, institutional and ethical frameworks that govern sensitive research data. Often robust security measures are considered as a suitable response for managing the additional constraints presented by this paradigm shift. This approach is not sufficient as systems originally developed to support non-sensitive data must be re-designed to effectively embed privacy and ethical requirements – which is a necessary and often daunting task. Drawing from experience at a provincial and national level, this presentation by Kaitlyn Gutteridge, Research Data Privacy and Security Officer at the University of British Columbia, considers cross-cutting privacy and ethical requirements throughout the research data lifecycle including data sovereignty and governance, data sharing and linkage, and the informed consent process. Best practices and examples of how organizations and institutions are embracing this challenge are put forward.

Technologie

A SQUARE PEG IN A
ROUND HOLE
Re-designing high performance computing
infrastructure to meet privacy and ethical
requirements associated with sensitive research
data
KAIT LY N GUT T ERIDGE
RESE AR C H DAT A PRIV ACY AND SECURIT Y OFFICER
UNIVERS IT Y OF BRIT ISH COLUM BI A

4
OVERVIEW
1. Scope
2. Context / current situation
3. Dilemma: can’t force a square peg into a round hole
4. Current activities and areas of interest moving forward
5. Lessons learnt

5
SCOPE
• Research data that has been collected on individuals, which has received REB
approval
• New and future users of Compute Canada infrastructure
• Province of BC and within UBC’s governance structure
• Takes into consideration what is / will be in place with Compute Canada Security
Program
• Ethics and privacy lens

7
CONTEXT – SQUARE PEG
• What does this mean for data governed under legislation and ethical
requirements?
• Data governance
• Data sovereignty
• Research data lifecycle
• Access, use, storage, retention, destruction
• Ethical validity

8
CURRENT ACTIVITIES – NATIONALLY
• Compute Canada Security Program
• Security framework, aligned on ISO 27001/27002
• Aims to identify and mitigate gaps caused by CC activities
• Leverage local controls and define requirement for additional controls
• Key goals:
• Better alignment between CC’s services and CC’s strategic vision;
• More efficient implementation of controls for information security;
• Minimization of overall risk;
• Enhancement of trust by external partners;
• Better coordination and response to threats and incident.

9
CURRENT ACTIVITIES – NATIONALLY
• Consultation process between Compute Canada and partner institutions
• Partnerships with organizations and Compute Canada nodes such as:
• BC Genome Sciences Centre
• HPC4Health
• Population Data BC
• Health Data Privacy and Governance Best Practices
• Alignment with other national initiatives including Research Data Canada’s work

10
CURRENT ACTIVITIES – LOCALLY
• UBC Advanced Research Computing (ARC) team
• Free institutional service supporting the high-performance computing and data
management needs of UBC researchers.
• Pre-grant consultation on infrastructure and privacy, security, data management needs
(CFI and non-CFI)
• Data Management Plans – Research Ethics Board integration
• Compliance mapping – UBC and Health Authority requirements on CC infrastructure

11
LESSONS LEARNT SO FAR
TRUST STACK
idea platform other person

12
LESSONS LEARNT SO FAR
CONTEXT
legislative institutional discipline

14
THANK YOU AND QUESTIONS
Kaitlyn Gutteridge
Research Data Privacy and Security Officer, UBC
kaitlyn.gutteridge@ubc.ca
www.arc.ubc.ca

Weitere ähnliche Inhalte

Mehr von Cybera Inc.

What are the opportunities and the challenges offered by emerging modes of technologically-inflected communication and decision-making? What is our role and responsibility as educators and as developers of research and teaching digital infrastructures? What do students need in the 21st century? As education institutions and providers struggle to respond to the first two questions, are we abrogating our responsibility to the last? In this talk, Matt Ratto will describe some of the opportunities and the challenges we currently face, laying out a model of action for how to potentially address the questions raised above. Core to his thinking are two related points; first that we must help students develop a greater sense of how the informational world and its attendant infrastructures helps shape how and what we think, and second, that a good way to do this is to give students the space to engage in reflexive acts of technological production – what Matt has termed ‘critical making.’ He will provide concrete examples from both his research and his teaching that demonstrate the value and importance of reflexive, hands-on work with digital technologies in helping students develop the critical digital literacy skills they need to function in today’s society. Matt Ratto is an Associate Professor in the Faculty of Information at the University of Toronto and directs the Semaphore Research cluster on Inclusive Design, Mobile and Pervasive Computing and, as part of Semaphore, the Critical Making lab.

Cyber Summit 2016: Technology, Education, and Democracy

Cybera Inc.

There is a prevailing belief that users are the weakest link the security chain. In this presentation, Dr. Chiasson discusses how this perspective is inherently counterproductive to achieving increased cyber security and explore alternatives with a higher chance of improving security. Why do users behave insecurely even though most will readily state that security and privacy are important? This talk will cover some of our recent research exploring reasons why users' actions do not necessarily reflect their desire for security and how the configuration of security systems may actually weaken security in practice. She presents her work using eye-tracking to determine how users make phishing determinations, and how we can persuade users to behave more securely through improving their mental models of passwords and by making adjustments to the system configurations.

Cyber Summit 2016: Understanding Users' (In)Secure Behaviour

Cybera Inc.

Serious threats to private and governmental organizations do not only come from the outside world, but also come from within. Some employees and contractors with legitimate access to buildings, networks, assets and information deliberately misuse their priviledged access to cause harm to their organization. What are the reasons behind their actions? Is it debts, greed, ideology, disgruntlement, or divided loyalty? Regardless of their motivations or vulnerabilities, traitors have very similar types of personality and display a certain pattern of behaviours before committing an insider incident. As a prevention measure, it is vital that organizations and employees understand, recognize and detect the common indicators of insider threat. Would you recognize the signs? Mario Vachon is an Insider Threat Security Specialist with the RCMP Departmental Security Branch.

Cyber Summit 2016: Insider Threat Indicators: Human Behaviour

Cybera Inc.

Canada allocates a substantial amount of public funding to research, which is a critical factor in ensuring we remain innovative and competitive. Increasingly this funding is geared to the support and development of digital research infrastructure (DRI), including the underlying networks and the associated data acquisition, storage, analysis and visualization. In order to maximize the benefits of increasingly complex DRI and the research it facilitates, it is important to make sure data is properly stewarded, accessible and reusable. By adopting appropriate approaches to research data management we are better positioned to respond to challenges, such as effectively measuring research impacts, and ensuring the reproducibility, privacy, and security of research outputs. Research Data Canada (RDC) is a member-driven organization committed to developing a sustainable approach to research data management, one based on interoperability and best practices. This session will provide an update on the efforts of RDC and partner organizations, including: CANARIE, Compute Canada, CARL Portage Network, CASRAI, the TriAgencies, and the Leadership Council for Digital Infrastructure. Intersections with international activities and projects will also be highlighted. These efforts are ultimately designed to faciliate a cohesive national approach to research data management, and one based on a clearly articulated vision for supporting innovation and discovery in Canada. Mark Leggott is the Executive Director of Research Data Canada.

Cyber Summit 2016: Research Data and the Canadian Innovation Challenge

Cybera Inc.

The Internet has revolutionized how — and how much — each of us can know. Our digital tools put the knowledge of the world at our fingertips — and soon, maybe, right into our heads. But what kinds of of knowledge do our devices give us, and how are they reshaping and challenging the role that education and libraries should play in our lives? This talk was delivered by Michael Patrick Lynch, professor of philosophy at the University of Connecticut, where he directs the university’s Humanities Institute.

Cyber Summit 2016: Knowing More and Understanding Less in the Age of Big Data

Cybera Inc.

Although there is no well-established definition of big data, its main characteristic is its sheer volume. Large volumes of data are generated by people (e.g., via social media) and by technology, including sensors (e.g., cameras, microphones), trackers (e.g., RFID tags, web surfing behavior) and other devices (e.g., mobile phones, wearables for self-surveillance/quantified self), whether or not they are connected to the Internet of Things. However, the large volumes of data needed to capitalize on the benefits of big data can to some extent also be established by the reuse of existing data, a source that is sometimes overlooked. Data can be reused for purposes similar to that for which it was initially collected, but also beyond these purposes. Similarly, data can be reused in its original context, but also beyond this context. However, such repurposing and recontextualizing of data may lead to privacy issues. For instance, data reuse may lead to issues regarding informed consent and informational self-determination. When the data is used for profiling and other types of predictive analytics, also issues regarding stigmatization and discrimination may arise. This presentation by Bart Custers, Head of Research, eLaw – Center for Law and Digital Technologies at Leiden University, The Netherlands, focuses on the privacy issues of big data sharing and reuse and how these issues could be addressed.

Cyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse

Cybera Inc.

Stephen Childs was hired by the University of Calgary to develop an individual-level predictive model mapping students' decisions to attend the University. In his experience, the higher education sector was slow to use all the data it has available, but this is now changing. As interest in making use of organizational data grows, staff must consider how these models will be used, and any problems that could arise. When individual predictions become the basis for decisions, how do we ensure our algorithms don't make existing problems worse? A framework for handling these issues now will let organizations handle these issues in a way that is consistent with their values. Given the culture of today's institutions, and the success of predictive analytics in other fields, there is no doubt that these tools will be used. These techniques can improve student success and the competitiveness of educational organizations, but the benefits should not be gained at the expense of individuals within the system. This talk will propose a set of best practices for using institutional data for predictive modelling to address equity, privacy and other concerns. We must start thinking of this now, before other practices become entrenched.

Cyber Summit 2016: Establishing an Ethics Framework for Predictive Analytics ...

Cybera Inc.

Canada’s National Research and Education Network, like other ultra-speed research networks, has evolved to transfer massive amounts of data at 100Gbps and beyond. But with the volume of data traffic growing at more than 50% per year, the ability to move increasing volumes of data is challenging. What are the kinds of applications in research and education that are driving this growth? What are the implications of the coming data tsunami on our communication networks? And what happens to network economics to keep up with the demand? CANARIE’s Chief Technology Officer, Mark Wolff, explores these topics and offer insights into how the NREN will evolve to continue to meet the unique needs of Canada’s research and education community.

Cyber Summit 2016: The Data Tsunami vs The Network: How More Data Changes Eve...

Cybera Inc.

The City of Calgary is responsible for providing municipal services to 1.1 million people and 16,000 employees with more than 700 sites and critical infrastructure units. The municipal services represent a $60B asset base including water and wastewater treatment plants, light rapid transit, emergency services, roads and recreation facilities, and has revenue and procurement streams of $4.0B annually. During his tenure, Owen Key, Chief Security Officer and the Chief Information Officer for the City, has implemented enterprise systems for CCTV, access and ID control, physical security information management systems, and has responsibility for information security.

Cyber Summit 2016: Issues and Challenges Facing Municipalities In Securing Data

Cybera Inc.

The law has long struggled to keep pace with the rapid change that comes with the Internet and new technologies. From the cross-border challenges posed by a global network to the privacy implications of big data, law and policy simply cannot move at “Internet speed.” Yet despite the difficulties, politicians and policy makers increasingly find themselves at the heart of emerging policy issues, asked to address the balance between privacy and surveillance, the competing copyright interests of creators and users, and the market structure for network providers and disruptive competitors. This keynote talk will explore the emerging law and policy challenges, highlighting how all Internet users have the opportunity to help shape the digital policy landscape. Dr. Michael Geist is a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law.

Cyber Summit 2016: Using Law Responsibly: What Happens When Law Meets Technol...

Cybera Inc.

Privacy, Security & Access to Data

Cybera Inc.

Historically, the University of Alberta lacked a centrally managed repository for reporting data, resulting in inconsistency and disparity in access for units across campus. Meaningful and actionable reports were limited, and only focused on the interests and goals of the few units with data analysts who could synthesize the information. Over the last couple of years, the University of Alberta has undertaken major changes in how information is managed and utilized. At the forefront of this change has been an increased interest in supporting the development of analytics and supporting tools. Beginning with the implementation of a centrally managed data warehouse with self-service capabilities, and the introduction of cloud services with business process analysis tools, the University is just starting down the road of big data. This presentation explores opportunities and challenges for the University of Alberta in utilizing big data.

Do Universities Dream of Big Data

Cybera Inc.

Analytics 101: How to not fail at analytics

Cybera Inc.

Are MOOC's past their peak?

Cybera Inc.

While the use of online instructional technologies allows the presentation of theoretical science materials, how do we deal with the fact that such courses often include hands-on labs? Laboratory simulations can only provide a solution for online students in a limited and often artificial way. Nearly 20 years ago, Athabasca University developed a solution to the problem of students having to travel to complete their lab work. Emerging technologies at the time allowed for quantitative physics labs to be sent to students as a small kit. The physics initiative was so successful, with over 5,000 students served, that it was picked up in other fields at Athabasca University. Over the years, such material has become cheaper, easier to use, and more integrated with modern computers. Athabasca is now pioneering ways to put real labs directly onto the internet. In this session, the methods used to make real lab experiences available to online students will be discussed, and some of them demonstrated.

Opening the doors of the laboratory

Cybera Inc.

Open City - Edmonton

Cybera Inc.

Data science and the use of big data in healthcare delivery could revolutionize the field by decreasing costs and vastly improving efficiency and outcomes. There is an abundance of healthcare data in Canada, but it is mostly siloed and difficult to access due to privacy and security challenges. This session will offer insights into best practices for healthcare analytics programs, as well as use cases that demonstrate the potential benefits that can be realized through this work.

Unlocking the power of healthcare data

Cybera Inc.

Checking in on Healthcare Data Analytics

Cybera Inc.

Governments around the world fund billions of dollars in research every year. Ensuring that the results of research are available to the public, other researchers and industry has become an important underlying value in order to maximize the impact of our publicly funded research. This session will discuss what’s driving the trend towards greater openness and provide an overview of international developments that will help put Canada’s activities into context.

Open access and open data: international trends and strategic context

Cybera Inc.

Geospatial data have been an integral part of the everyday at the City of Calgary since the City’s incorporation in the late 19th century. Today, geospatial professionals at the City of Calgary assemble and manage increasing variety and volume of geospatial data, and work to integrate these data into everyday business operations, including planning and response to civil emergencies such as the 2013 flood event. Despite challenges to data integration, coordination with business and technology partners have resulted in successful development, deployment and maintenance of specific business and enterprise tools that leverage rich spatial and business data with emerging technologies throughout the corporation in the 21st century.

Integrating Geospatial into the Everyday

Cybera Inc.

Mehr von Cybera Inc. (20)