Skip to main content
People Departments Maps Buildings Rooms A-Z
University
of Victoria
Apply Library
Sign in Online tools Sign out
Research Computing Services

Research Information Security

Want to understand the cybersecurity risks to your research—and how to prevent them? Do you need help applying cybersecurity into your project? The Research Information Security Program (RISP) offers advice and tools to help you keep research data safe. It also helps you follow cybersecurity rules in grants, contracts, and data agreements.

Need for cybersecurity in research

Cyber-attacks are a known risk at research universities, making cybersecurity essential in research. These risks arise due to:

  • high value research information
  • development of state-of-the-art technology
  • intellectual property
  • geo-political interests

Cybersecurity can help researchers:

  • protect sensitive data
  • maintain research integrity
  • ensure compliance
  • protect reputation and competitive advantage
  • safeguard collaborations

Security reviews

We can help you with assessing the threats and risks to your research computing environment. This identifies the security gaps and recommendations to mitigate those gaps. This assessment can be requested at any stage of the research project.

For review of research partnerships, contact Research Security Unit.

Cybersecurity roles and responsibilities

Everyone involved in research at the University of Victoria should read and understand the Information Security Policy. Below are the roles commonly found in research teams and their related responsibilities.

An individual who is the leader of a research team or project. Principal Investigators (PIs) are responsible for the conduct of the research and for the actions of the team. Responsibilities for this role are equivalent to Administrative Authority in the Information Security policy.

An individual that is part of the research team. They are responsible for conducting the research, collaborating in the research and/or regularly handling research information. Examples include student researchers or post-doctoral fellows.

Responsibilities:

  • Understanding—and, when required, developing and recommending to the PI—standards, procedures, and other controls for lifecycle management, risk management, quality assurance, appropriate use and security of information.
  • Implementing and maintaining the information security controls that enforce the rules and procedures for information and records management.
  • Granting and revoking Users and Providers access to information and, when necessary, instructing them on the authorized uses of that information, as approved by the PI.
  • Enabling the timely detection, reporting, and analysis of security incidents where circumvention, or attempted circumvention, of controls takes place.

An individual who supports the research team in the deployment, maintenance, and administration of information technology of the research solution. Responsibilities for this role are equivalent to Provider in the Information Security policy.

It is not necessary that all these roles exist, or one role could be a combination of the roles described. Everyone on the research team, no matter their role, must also follow the User responsibilities in the Information Security Policy.

Research information security classification

We recommend that researchers classify the data used in their research according the levels in UVic's Information Security Policy.

Awareness training

We strongly recommend researchers complete these self-paced trainings to understand and mitigate cybersecurity risks:

  1. Phishing awareness
  2. Cybersecurity for researchers (Module 2)
  3. Federal cybersecurity guidance for research

Tools and resources

 UVic offers a number of tools that can be used for your cybersecurity needs:

We've also collected some helpful resources to make cybersecurity easier for researchers:

  •   Asset inventory: this template can help you in keeping track of all assets (Hardware, Software, Users) in your environment. 
Asset inventory
16KB XLSX file
  • Risk assessment: this template can be used to track the cybersecurity risks associated with your research environment.
Risk Assessment
166KB XLSX file

Plan a consultation with us on how these tools and resources can help guide your cybersecurity journey.

Report an information security incident

All suspected or confirmed information security incidents must be reported to the Information Security office as per UVic's Information Security Policy. PIs are responsible for any external reporting requirements such as funding agencies, data sharing agreements, research ethics board, or regulatory bodies.

Incident response expectations from the research team:

  • Documenting the incident details, including what happened, when, and what was affected.
  • Coordinating with institutional contacts during the incident response process.
  • Preserving affected systems or data for investigation (avoid tampering).
  • Participating in post-incident reviews to implement corrective actions and prevent recurrence.

Reporting an incident helps prevent further damage and enables the timely protection of systems and people.

Information security incident

Information security incident: any event that threatens the confidentiality, integrity or availability of information systems and sensitive information (but doesn't constitute a privacy breach or incident).

Report information security incidents to IT support.

Report an incident

Support and consultation

Need help planning cybersecurity for your research? You might be starting a research project, handling sensitive data, or meeting compliance requirements. Request a one-on-one consultation at any stage of your research project lifecycle.

Contact the Research Information Security Program