National Cybersecurity Awareness Month

Protecting research and data is central to cybersecurity in higher education

This expert Q&A is part of our Cybersecurity Awareness Month series, exploring the top trends and tips for staying safe in an increasingly complex online ecosystem.

Jake Garcia
October 22, 2024

Despite an Arizona State University (ASU) specific job title for Carolyn Ellis, her work touches institutions all over the country. As the director of research in cybersecurity and compliance, she helps around 300 universities abide by regulated research framework and compliance regulations. 

Simply put, if there is data that is subject to certain security requirements, she advises and points to the community of resources led by ASU.

“There are direct connections to the ASU charter,” she said. “We're inclusive to anyone who is looking for this type of expertise. We are advancing research, and we're contributing to the discovery of public value in that space. We assume the fundamental responsibility to the communities we serve. Everyone, including ASU staff, is benefiting from us taking this national platform and stepping out there and leading the way.”

In the Q&A below, Ellis analyzes the importance of open research cybersecurity and offers advice to those in need of data protection.

Question: October is National Cybersecurity Awareness Month. What is top of mind for you in the current state of cybersecurity?

Answer: What's supporting our major portfolio is our fundamental research. Fundamental research essentially means it's going to be open and available for anyone, once published. Anyone can download this. This is made to be distributed around the world.

And there's this myth that says, ‘Because it's going to end in that type of state, that means basic cybersecurity doesn't apply.’ And to me, that's so far from the truth. Your data is worth securing and protecting because it is your life's work.

Back in the day, a researcher could close their lab door, lock it, walk away for the night and your data is perfectly fine. In this day and age, everything is interconnected. You're collaborating with researchers around the world with many unknown networks and softwares with possible security vulnerabilities… That means your data is out there with unknown end-to-end security controls prior to you being able to publish it.

Q: In your work, you refer to the “Cybersecurity Triad.” What does that mean and why should researchers care about it?

A: It is an IT term, and it is the trifecta of confidentiality, integrity and availability. These are important for people in security and people in research.

Confidentiality is the fact that the data remains yours. This could be protecting your intellectual property and keeping it from the people that are outside your circle of trust.

Integrity is about how accurate your data actually remains. The integrity of your data is your reputation and how you could pursue future research.

Availability means to you: Is your data available for work you need to do, when you need to do it?

It is all about keeping the intellectual property of yours safe and keeping it accurate until you're able to publish it. So all of these three elements of the triad – confidentiality, integrity and availability – come together to create this holistic way that you can secure your research.

A researcher's intellectual property is their reputation. It is their future funding opportunities. If a researcher's data were tampered with, whether it was intentionally or unintentionally, that change in their data set might impact all of their future work.

Q: How prevalent of a problem is data being compromised?

A: I think the automatic assumption is people are looking to steal your data. There are certainly places and foreign entities that are looking to do that, if you have research in the domain of expertise for them.

What's often overlooked is the danger of data being just comprosed and not completely stolen. Compromise could also happen if your computer has a virus on it, and it becomes something as simple as you can't trust your data anymore.

Q: What can researchers do to better protect their data?

A: Our researchers are already prioritizing the security of their data; let's take credit for all the things we're really doing. For example, using strong passwords and two-factor authentication to help secure the access to that system. Instead of using shared passwords or open systems, you are protecting who can actually have access and availability to that data. Backing up your data is also important, whether it's your own hard drive or a cloud. It could save you from the cybersecurity availability or integrity challenges.

Q: What research initiatives are taking place at ASU that highlight why it is so important to prioritize cybersecurity?

A: The School of Medicine and Advanced Medical Engineering is about a year away from having students. They are currently going through all the processes of: ‘How would students work with that type of data?’ And that one definitely intersects with my world. There's a good chance it can actually hit all of the big regulations. 

We are also setting up the Southwest Advanced Prototyping (SWAP) Hub, which is going to put ASU as the lead institution for microelectronics and defense research. That's going to come with significantly more scrutiny and regulations put upon these researchers.

It is a really exciting time to be securing our innovations at ASU.

Q: We asked each expert to provide a practical tip. Check out Ellis' response below:

ASU Enterprise Technology
ASU Enterprise Technology

Contact us

Support ASU

Maps and Locations Jobs Directory Contact ASU My ASU
Repeatedly ranked #1 in innovation (ASU ahead of MIT and Stanford), sustainability (ASU ahead of Stanford and UC Berkeley), and global impact (ASU ahead of MIT and Penn State)
Copyright and Trademark Accessibility Privacy Terms of Use Emergency