An ongoing challenge to managing information security at Ohio State is making sure university organizations comply with federal and state regulations regarding privacy and security. That’s why Enterprise Security has released updated versions of Ohio State’s Information Security Standard (ISS) and Information Security Control Requirements (ISCR):
One of the benefits of higher education is the collaborative nature of our institutions. We collectively appreciate being able to learn from each other and leverage common experiences. Ohio State frequently receives inquiries from others in higher ed with regard to how we are managing our information and IT security.
Everyone who uses university data is responsible for ensuring it remains secure. We have recently changed the classifications on some data elements to better balance operational needs with security requirements.
If your role requires using restricted, private or internal data, please review these updated classifications to ensure you are taking appropriate measures to protect this information.
In the course of your work for Ohio State, you are given access to institutional data. As an institutional data user you must be aware of the responsibilities entrusted to you in preserving the security and confidentiality of this information.
Enterprise Security continues to make progress on the Framework Tools project, the ongoing initiative that provides Ohio State with the tools to organize, measure and manage information risk. The project continues the development and implementation of the overall Information Risk Management Program established in FY14.
To recap where we began, during November 2013, 159 university organizations completed the Information Risk Survey, which assessed 30 different information security related risk areas, an unparalleled accomplishment that provided a much-needed baseline.
Fast-forward to 2015 and support from university organizations has never been stronger. Through additional understanding from increased collaboration, the 159 university organizations have been streamlined into 113. All university organizations completed the second annual survey in October 2014 as well as their individual risk management strategies in December 2014. The overall risk scores improved by 10% over year one! As an added measure of success, the Information Risk Management Program achieved 100% participation within one year of its establishment!
