. .

Information Security Implementation Plan

Overview

Executive Vice President and Provost Joseph Alutto, addressed the university's Vice Presidents and Deans regarding the protection of university network resources and sensitive information in an October 2007 memo. The provost has directed that each administrative unit and the colleges develop an implementation plan to address information security.

The objectives of the Information Security Implementation Plans are to:

  • Protect and secure the university's restricted data
  • Comply with the Minimum Computer Security Standards and protect the institution's devices and networks
  • Educate users about appropriate practices and help them become the university's first line of defense

The creation of an implementation plan enables units to better understand their respective environments and helps the Office of the CIO in assisting these units meet the above objectives. Each unit was asked to provide a primary and secondary contact for overseeing the completion and execution of these plans. Units may identify additional representatives within their respective college or office to aid in completing the Information Security plan.

Timeline & Process

Initial reports are due from each of the colleges and administrative units on Wednesday, October 31st. Initial reports should be a consolidated report from that unit and are submitted via email to ITSecurityPlan@osu.edu.

Important Changes to Monthly Status Reports (as of 4/18/08):

  • Changes have been made to the web form to obtain more specific information about the types of devices containing restricted data. A letter went out to all primary and technical contacts regarding these changes.
  • Reporting will continue beyond the March 23rd deadline. Units will be expected to submit reports on May 16th, July 18th and August 15th to prepare for a report to the trustees by the Provost in September.
  • A Word version of the new web form is available for download underneath Resources. Please download a copy of the instructions as well.

Monthly status reports are then required on the last working day of each month. Beginning in November, these reports will be collected using an online web form. Colleges and offices will receive a reminder around the 1st of each month.

Access Your Report

You can login to the monthly report web form using the link below. Please note that access is limited to those that are approved contacts for each unit. You will need to use your lastname.# and password in order to login. Be sure to download a copy of the instructions and our definition list to aid you in reporting.

A time-out error occurs after you have been logged into the form for 60 minutes. We have investigated this error and unfortunately cannot extend the login time.

To help avoid this, we provide an auto-prompt to submit your form at 45 minutes. After you press submit, you will receive a message to complete the rest of the form. This will help prevent the loss of your data.

Resources

Questions about the implementation plan should be directed to ITSecurityPlan@osu.edu