Nelson, J., & Donham, B. (2022, August), Institutional Review Panel for Cybersecurity Research and Education  Paper presented at 2022 ASEE Annual Conference & Exposition, Minneapolis, MN. 10.18260/1-2--40437

\bibitem{asee_peer_40437}
  Nelson, J., \& Donham, B. (2022, August), \emph{Institutional Review Panel for Cybersecurity Research and Education}
  Paper presented at 2022 ASEE Annual Conference \& Exposition, Minneapolis, MN.
  10.18260/1-2--40437

James Nelson and Brent Donham.  "Institutional Review Panel for Cybersecurity Research and Education".  2022 ASEE Annual Conference & Exposition, Minneapolis, MN, 2022, August.  ASEE Conferences, 2022.  https://peer.asee.org/40437 Internet.  06 Feb, 2025

\bibitem{asee_peer_40437}
  James Nelson and Brent Donham.
  "Institutional Review Panel for Cybersecurity Research and Education".
  \emph{2022 ASEE Annual Conference \& Exposition, Minneapolis, MN, 2022, August}.
  ASEE Conferences, 2022.
  https://peer.asee.org/40437 Internet.  06 Feb, 2025

@INPROCEEDINGS{asee_peer_40437
author = "James Nelson and Brent Donham"
title = "Institutional Review Panel for Cybersecurity Research and Education"
booktitle = "2022 ASEE Annual Conference \& Exposition"
year = "2022"
month = "August"
address = "Minneapolis, MN"
publisher = "ASEE Conferences"
note = {https://peer.asee.org/40437}
number = {10.18260/1-2--40437}
}

TY  - CPAPER
AB  - Cybersecurity is an emerging field with significant implications as the use of interconnected devices increases. We are now at a point where the number of connected devices significantly exceeds the world population. [1]. Each of these devices represents a potential entry point for individuals with malicious intentions. As such, many contend that cybersecurity is national security extending across multiple governmental, industry, and consumer sectors.

To mitigate new and current threats as cybersecurity evolves into the future, considerable education and research is needed on both the operational technology and network sides of the industry. This research and education, by its nature, involves vulnerability testing, intentional network intrusion, virus testing and ethical hacking. The conduct of these activities has associated internal and external risk, as well as ethical considerations. Typically, these tasks require exceptions to the policies and controls in place to protect information. To manage the risk and ensure ethical conduct, a policy requiring review and approval of such activities is necessary. Such a policy, although different in focus, is similar in concept to policies for research and education involving humans and animals.

Presented in this paper is the development of the Cybersecurity Institutional Review Policy and associated Cybersecurity Institutional Review Panel (CIRP) implemented in the [Academic Unit] on the [System Name] University System. An associated review form is expected to be submitted and approved prior to all research and education activities involving cybersecurity. This includes class projects, independent research and study, and faculty research. The CIRP reviews all requests and evaluates if the compensating controls are acceptable. If predetermined risk levels are not exceeded, the policy includes provisions for an expedited or shortened review. The rationale for the provisions in the policy, the levels of review and the makeup of the review panel are discussed. The implemented policy and required review form are included as appendices.
AU  - James Nelson
AU  - Brent Donham
CY  - Minneapolis, MN
DA  - 2022/08/23
PB  - ASEE Conferences
TI  - Institutional Review Panel for Cybersecurity Research and Education
UR  - https://peer.asee.org/40437
DO  - 10.18260/1-2--40437
ER  -