Information Security Guide
Confidence in the meaning, disposition, and provenance of information is at the heart of scientific research and discovery. Our confidence originates from our trust in the processes used to conduct experiments, analyze results, and create knowledge. The processes we define to support reproducible discovery are the foundation of information security in the research domain.
Modern science is increasingly an expression of ideas in the virtual spaces of the computational platforms that surround us. The computer is our most versatile scientific instrument. The computer allows us to explore any abstraction we can envision and to build pathways to our discoveries. They help us by supporting development of a reproducible process. Good process lets us explore our virtual worlds with confidence. It underlies our trust in the experiments we conducted and the results we obtained from our virtual worlds.
At UAB, we are building a Research Computing System that supplies researchers with HPC, storage, web, and virtual infrastructure to facilitate investigation, develop research applications, and enable collaboration. This system is being designed to promote and support processes that ensure confidence in the experiments conducted and results obtained using this system. In other words, we are building a scientific instrument to support the virtual expressions of modern science.
The information security guide will document the function of the Research Computing System to engender trust in the information recorded on and derived from the conduct of science on this platform.
To facilitate dialogs about the Research Computing System and its development across a wide variety of groups and interests, this document will leverage definitions and standards for information security being developed by NIST. According to NIST, information security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. This term is defined in (FIPS-199), the primary standards document that all participants in this dialog should be familiar with. FIPS-199 identifies "information types" and "information systems" as the two primary classes used to document information security requirements. Additionally, it defines three areas of information security "confidentiality, integrity, and availability" that are used to guide the implementation of appropriate process. FIPS-199 is a short document, and the heart of the matter is covered in the first 6 pages. The remaining content is an appendix defining the referenced terms.