Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assessing risks and vulnerability #84

Open
paolap opened this issue Mar 6, 2024 · 3 comments
Open

Assessing risks and vulnerability #84

paolap opened this issue Mar 6, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@paolap
Copy link
Contributor

paolap commented Mar 6, 2024

This is an odd one but it popped up at one of the data consolation meeting that Chloe held and has interesting aspects. I'm trying here to recall some of the observations:

  • investing in private cloud storage could be ok for a small project but there's an inherent risk that costs can rise and become unsustainable in the future when the project is too invested to move out of it

  • university (and probably even more so other institutions) have now to make sure they take steps to avoid foreign interference and data breaches, to avoid breaking the law and repetitional damage.

  • data misuse, this is actually acutely felt by researchers and often (in my experience) put forward as a reason against sharing data
    Any other points?

I think it would be interesting once we completed other more critical parts of the book to look into some suggestions on how to conduct a risk assessment linked to the choice of data storage and delivery. It doesn't have to be complicated it can just be a set of questions that a user can consider, accompanied by a few common use cases.

Example guidelines:

  • familiarise yourself with the host strategy for data security
  • assess the potential growth of storage need of your data collection in time (you might be regularly retiring data while producing more, it's short or long term lived project, will the resolution of your data also grow with time, will change in audience size affect the costs?)
  • come up with a plan to move out of private could storage should you need to in different scenarios: storage could become too expensive; cloud services aren't anymore capable of delivering data in suitable ways, cloud services provider close down...
  • assess the potential interest in your data from a malignant entity (climate deniers?)

I'm sure some AI can come up with many more :-)
@paolap paolap added the enhancement New feature or request label Mar 6, 2024
@hot007
Copy link
Contributor

hot007 commented Mar 7, 2024

If publishing data - guarantee of longevity of published product? Most data ages and does not need to be available forever, but if DOI'd there are certain obligations...
https://www.nature.com/articles/d41586-024-00616-5

@hot007
Copy link
Contributor

hot007 commented Mar 7, 2024

From a data storage perspective - ensuring data is writable by a very limited set of people - more than one, so that access isn't lost when a researcher moves institutions, retires etc., but that data can't be modified by bad actors.

@paolap
Copy link
Contributor Author

paolap commented Mar 7, 2024

These are both excellent points and we should make sure we also include them where is appropriate, if we didn't already (as the first about DOI in publishing session and the second in management of data). In this way we can connect data practices we suggest to lower risks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@paolap @hot007