OSU Stepping Up Information Security

In recent months, colleges like Indiana University and the University of Maryland have been victims of large data breaches. These breaches exposed personal data of many students and staff. OSU is continually making improvements to ensure similar events do not occur here. With hundreds of thousands of students’, alumni’s, and staff’s personal information stored on OSU’s servers, and with increasing cyber-attacks on large universities nationwide, OSU has developed a program to identify security risks and protect the massive amount of information stored within the university.

Last November, 161 OSU colleges and units were invited to complete the Information Risk Survey, which assessed 30 different information security risk areas.

Out of the 161 invited, an amazing 159 units (99%) participated. This exceptional participation level allows the OCIO and OSU to gain greater insight into how the university is managing its information risk and what risk areas need the most attention. It also demonstrates the units’ understanding of the importance of safeguarding the information entrusted to them.

The results from the survey were compiled in January and are available to individual colleges and units to prioritize and manage their own information risks. Enterprise Security can assess the aggregate data to identify security risks and provide appropriate training, software tools, and job aides.

With the results of the survey reviewed, the framework team is now waiting for units to submit their risk management strategies. The strategies will lay out a high-level plan addressing security risks identified in the survey and will be charted to show each unit’s progress over the next three years.

More information about this project is available by contacting Gary Clark or Jim Herbeck.