Site Menu
- Policy & Standards
- University
- Institutional Data
- Disclosure or Exposure of Personal Information
- Responsible Use of University Computing and Network Resources
- Archives and Records Retention
- Merchant Services & Use of Credit Cards
- Deployment and Use of Wireless Data Networks
- Statement on Public Records
- Draft Identity Theft Red Flags
- State & Federal
- Institutional Data
- Training
- Tools & Templates
- Standards & Frameworks
- FAQ
- Alternative Identifiers
- Data Classification and Access Control
- Gramm-Leach-Bliley Training
- Identity Theft Red Flag Training
- Information Security Implementation Plan
- Institutional Data Policy
- Institutional Data Policy Training
- Red Flags
- Restricted Data
- Social Security Numbers
- University Security Standards
- Campus Resources
- Contact Us
- Site Map
Information Security Implementation Plan
Overview
Executive Vice President and Provost Joseph Alutto, addressed the university's Vice Presidents and Deans regarding the protection of university network resources and sensitive information in an October 2007 memo. The provost has directed that each administrative unit and the colleges develop an implementation plan to address information security.
The objectives of the Information Security Implementation Plans are to:
- Protect and secure the university's restricted data
- Comply with the Minimum Computer Security Standards and protect the institution's devices and networks
- Educate users about appropriate practices and help them become the university's first line of defense
The creation of an implementation plan enables units to better understand their respective environments and helps the Office of the CIO in assisting these units meet the above objectives. Each unit was asked to provide a primary and secondary contact for overseeing the completion and execution of these plans. Units may identify additional representatives within their respective college or office to aid in completing the Information Security plan.
Timeline & Process
Initial reports are due from each of the colleges and administrative units on Wednesday, October 31st. Initial reports should be a consolidated report from that unit and are submitted via email to ITSecurityPlan@osu.edu.
Important Changes to Monthly Status Reports (as of 4/18/08):
- Changes have been made to the web form to obtain more specific information about the types of devices containing restricted data. A letter went out to all primary and technical contacts regarding these changes.
- Reporting will continue beyond the March 23rd 2008 deadline, moving now to a quarterly reporting cycle for all units and a monthly reporting cycle for any units who have not met expectations of compliance.
The 2008-2009 reporting dates are as follows:
- November 14, 2008
- February 20, 2009
- May 20, 2009
- August 20, 2009
- November 20, 2009
- A Word version of the new web form is available for download underneath Resources. Please download a copy of the instructions as well.
Monthly status reports are then required on the designated quarterly report date.
- Select members of each college or administrative unit can access the web form via this site.
- Download instructions on accessing the monthly status web form.
- Download a MSWord version of the monthly report web form to aid in collecting information within your unit.
Access Your Report
You can login to the monthly report web form using the link below. Please note that access is limited to those that are approved contacts for each unit. You will need to use your lastname.# and password in order to login. Be sure to download a copy of the instructions and our definition list to aid you in reporting.
A time-out error occurs after you have been logged into the form for 60 minutes. We have investigated this error and unfortunately cannot extend the login time.
To help avoid this, we provide an auto-prompt to submit your form at 45 minutes. After you press submit, you will receive a message to complete the rest of the form. This will help prevent the loss of your data.
Resources
- Download a MSWord version of the monthly report web form to aid in collecting information within your unit.
- Frequently Asked Questions on the Information Security Implementation Plan
- A list of resources for implementing the Information Security Plan including available workshops, security software and tools, and security contacts.
- Brochures & Handouts for educating faculty, staff, and students within your college or vice-presidential office
- The Office of the CIO Information Security group can answer questions and provide valuable insight on the availability and implementation of security tools and resources. Contact them at security@osu.edu.
Questions about the implementation plan should be directed to ITSecurityPlan@osu.edu
