What we do
CU Boulder’s Research Cybersecurity Program is a division of the campus’s information security program and is dedicated to advancing CU Boulder research efforts. We provide training, security and compliance resources, consulting, and assessment services to assist researchers as they secure their research data and systems. Compliance requirements can be required by multiple governing bodies including the University’s data classifications, sponsor contracts and agreements, or state and federal regulations. We specialize in helping researchers identify the appropriate level of information security controls to secure their data and systems. The Research Cybersecurity Program also fosters partnerships with other industry organizations as we pursue more effective ways to support researchers in securing their data.
Services
Specific service we provide are described below and if you don’t find one that fits your use case or scenario, feel free to reach out to us through the Information Security Review Intake form.
IRB Security Reviews
Do you have IRB Level 3 data or are you working with data designated as Highly Confidential data by the University? During the IRB plan submission process, researchers find they have IRB Level 3 or University highly confidential data. If this is the case, the IRB requires an information systems security plan be created by the researcher and signed off on by the OIT information security team before a project receives or generates the highly confidential data. The research cybersecurity team provides researchers with templates and general guidance for creating system security plans; assesses completed plans; and approves those plans which meet the minimum security requirements the study is subject to. If a cybersecurity review is required for your IRB application, please contact us by completing the Information Security Review Intake form.
Contracts and Grants IT Security Review
The Office of Contracts and Grants (OCG) works with the Research Cybersecurity team to assist with interpretation of regulatory information security compliance requirements and assessment of a research team’s ability to comply with those requirements. The research cybersecurity team often contacts the principal investigator for an award to discuss the details of the information technology environment that will be utilized as part of a research project and determine if appropriate security controls are implemented to meet the regulatory requirements in the agreement. Complete our intake form to get started!
Compliance Assessments
The Research Cybersecurity team is available to assist researchers in identifying and understanding information technology security compliance requirements they are subject to as part of their existing or planned research. The team can help researchers understand the sensitivity of the information they will utilize, identify which regulatory or University data protection standards apply, assess their information technology environments against the identified requirements, and can provide documentation templates required by the applicable standards. Fill out the Information Security Review Intake form to get started!
Research Cybersecurity Program Compliance Resources
OIT Security provides compliance documentation packages to assist you in satisfying information security compliance requirements for your research project. Please complete the Information Security Review Intake form to request access.
Contact us
- If you need assistance from our team, please complete the Information Security Review Intake form.
- If you see an event occurring that appears to be suspicious, please report suspected security incidents immediately to security@colorado.edu and for security incidents involving CUI data to cui-incident@colorado.edu.
Related Teams at CU Boulder
- IRB (Institutional Review Board)
- OEC (Office of Export Control)
- OCG (Office of Contracts and Grants)
- RIO (Research and Innovation Office)
- OIT Research Computing
