The CIO Advisory Community, which represents IT leaders and interested faculty and researchers from across the university, was invited to engage in a community conversation on how the university could advance the IT Security Framework and define recommendations to increase the university’s level of maturity in IT security.
The Office of the Chief Information Officer (OCIO) hosted the forward-looking and open conversation in early February, with the goal of increasing awareness of the current IT security landscape and having a community conversation about the best ways to ensure a comprehensive IT security environment through the IT Security Framework.
The IT Security Framework provides the university a set of internationally recommended best practices to help assess areas of IT security and evaluate risk. Under the Framework, the university is developing a series of policies, practices, and processes that best meet our unique environment. For further information on the development of the Framework, visit BuckeyeSecure.
The questions, key concerns, and recommendations that resulted from the Community conversation involved promoting further and deeper engagement between the IT community and the Office of the CIO on the critical issue of securing Ohio State’s valuable data resources.
During the meeting, the community was provided eight opportunities to host conversations. The following questions were raised:
- How do we educate and engage individual clients and end users?
- How do we advance the university’s adoption of the IT Security Framework without significant negative impacts to teaching and research?
- How do we deal with situations where, as IT leaders, we are asked to access someone’s information?
- Why are we not moving to universal 2-factor authentication?
- Where do you draw the line between secure and paranoia?
- Which policies and procedures need to be modified/changed in order to reduce resistance to security policies being implemented?
- The role of lifecycle management to mitigate exposure risk; how to integrate into the security process.
- Central versus distributed organizations and how that impacts speed and implementation.
Actionable steps from these conversations are now being developed, which will expedite the IT Security Framework across the university. The OCIO will continue to work closely with its university partners on this and other IT security activities.