Architecting Security into Research Projects
George O. Strawn, NSF CIO
Points to consider
• Draft NSF statement on PI responsibilities
• Draft NSF Guidelines for IT security
• At what cost?
Draft Article on Cyber-security for FATC Supplements for Large Facilities and FFRDCs
The awardee is responsible for all information technology (IT) systems security and associated equipment and information, funded directly or indirectly by this award. The awardee shall present to the cognizant NSF Program Officer and Grants and Agreements Officer an IT security plan addressing policies and procedures for review and approval within 60 days of award. The plan should include evaluation criteria that will measure the successful implementation and deployment of the plans, policies and procedures. For further assistance and guidance please review Draft NSF IT Security Guide for Large Facilities found at (…)
Draft Guidelines for IT Security of NSF Large Facilities
• Table of Contents
• Preface
• I. Introduction
• II. Overview
• III. Categorization of Systems
• IV. NSF Minimum Security Requirements
• V. Best Practices
• Appendix A – Glossary of Terms
At what cost?
• Underinvestment is common
• Unfunded mandate?
• Need to compare cost of potential outage(s) with cost of IT security program
• Investment may follow major outage or “management enlightenment”