Make changes to comply with Harvard level 3 privacy rules for our NERC data #48

Open
joachimweyl opened this issue Feb 1, 2023 · 7 comments
joachimweyl commented Feb 1, 2023

Next Steps

  • We need to make all level-3 data private. What is the best way forward?
    • Create copies of the data in private repos and then obfuscate the current public repos?
    • Other options?
  • We need to make sure that the changes we make do not break any of our automation we have in place

Harvard Data Security Level 3

Link to Harvard Data Security Level-3

Links shared with Harvard Data Security:

Nathan Hall's response:

"Hi Justin,

Much of that would be considered Level 3 data (specifically non-security technical specifications/architecture schema). Repositories with this level of detail about Harvard systems should not be public. Obfuscated/generalized specifications or reference architecture could be shared in public repos.

Nathan"


msdisme commented Feb 3, 2023

We don't think this information is actually a security risk. The architectural details are the point: one of the goals of this project is to expose the architectural details so that this may be understood and other sites may reproduce.


pjd-nu commented Feb 3, 2023

"Level 3" is really restrictive - https://security.harvard.edu/data-classification-table
If any of our stuff gets classified at that level we're probably screwed - this definitely needs to be appealed. Among other things, it would seriously limit the ability for non-Harvard employees to access the information, and would prevent it from being used in published research papers.


msdisme commented Feb 6, 2023

Scott and Wayne to discuss Tuesday having Scott/Wayne present to security team with context.


msdisme commented Feb 15, 2023

Sent email to Scott and Wayne asking for an update.


msdisme commented Mar 1, 2023

While we do not believe that sharing this information publicly is a security risk, we would like to better understand why Harvard feels it is.

The value of the data is in the relationships so if the data is to be obscured the relationships should be maintained; we believe doing so is going to be pretty diffic


msdisme commented Mar 15, 2023

With Scott and Wayne, they are out for the next 3 weeks. I am moving to April Sprint. This is tracking for others' work.

@msdisme msdisme closed this as completed Mar 29, 2023
@msdisme msdisme reopened this Mar 29, 2023

msdisme commented Apr 25, 2023

Feedback from Scott - ignoring this for now.

3 participants