﻿<?xml version="1.0" encoding="UTF-8"?>
<!--RSS generated by Windows SharePoint Services V3 RSS Generator on 5/24/2013 5:59:47 PM-->
<?xml-stylesheet type="text/xsl" href="/Journal/Blog/_layouts/RssXslt.aspx?List=48c836c2-e659-4325-8553-6b5381f1fcd0" version="1.0"?>
<rss version="2.0">
  <channel>
    <title>Journal Author Blog: Posts</title>
    <link>http://www.isaca.org/Journal/Blog/Lists/Posts/AllPosts.aspx</link>
    <description>RSS feed for the Posts list.</description>
    <lastBuildDate>Fri, 24 May 2013 22:59:47 GMT</lastBuildDate>
    <generator>Windows SharePoint Services V3 RSS Generator</generator>
    <ttl>60</ttl>
    <image>
      <title>Journal Author Blog: Posts</title>
      <url>/Journal/Blog/_layouts/images/homepage.gif</url>
      <link>http://www.isaca.org/Journal/Blog/Lists/Posts/AllPosts.aspx</link>
    </image>
    <item>
      <title>The Continued Evolution of the NCS IMS</title>
      <link>http://www.isaca.org/Journal/Blog/Lists/Posts/ViewPost.aspx?ID=175</link>
      <description><![CDATA[<div><b>Body:</b> <div class=ExternalClass1CD57C297C9249E9832A450CBACAAB5A>
<div><img hspace=4 alt="Jacqueline Medina" vspace=4 align=left src="/Journal/Blog/Lists/Photos/Post-052013-Jacqueline-Medina.jpg">Jacqueline Medina, CIPP-IT, PMP<br></div>
<div> </div>
<div>As the vanguard stage of the National Children’s Study (NCS) progresses, the leadership continues to consider the feasibility, acceptability and cost of various aspects of operations. The purpose is to settle logistics before the main study begins and to optimize participation and results over the course of the study. This includes an examination of the processes and products for data collection and storage, with the initial models described in the case study serving to advise future iterations. In particular, the decision makers are very aware of the effects that required security compliance had on the study centers and on the ability to collect, access and analyze data in a timely manner. Additionally, the costs of compliance within the two models were assessed and considered.</div>
<div> </div>
<div>Recently, the study began the transition to a third information management system (IMS) and operations model. Responsibilities for different activities are delegated to the respective experts. The US is divided into four regions, and each is assigned a regional operating center (ROC) to oversee logistics as well as a hub to host the data collected for the region and to report it to a centralized data center. This new model allows the study to capitalize on some of the best aspects of the prior two models, while also facilitating the mission of the researchers by allowing more flexibility for the recruitment of participants as that process also evolves.</div>
<div> </div>
<div>Each of the four regions is splitting responsibilities and security controls in different ways. As an example, one region’s ROC subcontracts data collection to a call center and to field collectors, with data flowing directly to the hub. The configurations in each practice have unique forms of defense in depth, with layers of FISMA compliance applied as necessary, while still lowering the overall costs of compliance, since the hubs enforce many of the required security controls. They have all modified their systems as they identified optimal solutions earlier in the study. The centralized advisors (the NCS chief information officer [CIO], information system security officer, program office and mission assurance team) remain available to all users so that the study can capitalize on centralized security advice and decision making.</div>
<div> </div>
<div>This model provides an opportunity to test the performance of four different configurations of hardware, software and personnel. Leadership will evaluate performance and the costs and ramifications of securing each configuration in order to advise the main study—optimizing the method to keep participants’ data secure while enabling robust data collection and analysis over the next quarter century. </div>
<div> </div>
<div><strong>Read Jacqueline Medina, Ryan Morrell, Dennis Pickett, John Lumpkin, Timothy McCain, Dina Drankus Pekelnicky, Alex Bengoa and David Songco’s recent <em>Journal</em> article:</strong><br>“<a href="/Journal/Past-Issues/2013/Volume-3/Pages/Considerations-for-Ensuring-Security-of-Research-Data-in-a-Federally-Regulated-Environment.aspx">Considerations for Ensuring Security of Research Data in a Federally Regulated Environment</a>,” <em>ISACA Journal</em>, volume 3, 2013.</div></div></div>
<div><b>Published:</b> 5/20/2013 7:26 AM</div>
]]></description>
      <author>Journal220</author>
      <pubDate>Thu, 16 May 2013 12:37:33 GMT</pubDate>
      <guid isPermaLink="true">http://www.isaca.org/Journal/Blog/Lists/Posts/ViewPost.aspx?ID=175</guid>
    </item>
  </channel>
</rss>