- Secure Remote Work
- Infosec Guidebook
- Awareness & Training
- GRC Team Services
- Policies & Rules
If university personnel want to implement new services into the enterprise, a Higher Education Cloud Vendor Assessment Tool must be completed. This process is a questionnaire framework specifically designed to measure how a third party vendor's services line up with university information security policies. OIS may direct that other vendor assessment processes be undertaken on a case by case basis. Contact OIS for a consultation.
OIS supports the Institutional Review Board's commitment to research by working to protect the rights and welfare of human subjects who participate in OSU-administered research efforts. Because many of these research projects utilize protected data, OIS is tasked with reviewing all Level 3 project data security plans.
Official travel as an OSU employee must be reported to the university. In cases where official travel sends a university employee to a country designated as a high risk for data compromise, a data security consultation with OIS is required. OIS will provide a consultation to travelers to low/moderate risk countries upon request.
OSU personnel may register for foreign travel Here.
Sometimes, departments must ask for a policy exception to one of the information security policies set by OIS. These policy exceptions are reviewed on a case by cases basis, and are only granted if specific criteria are met. If your department is requesting a policy exception, please submit your request well before the policy deadline.
IT risk assessments are an essential service used to evaluate the university's overall security posture. Risk assessments enable OIS and other stakeholders to collaborate by framing the entire organization from a risk-based perspective. Risk assessments also help to determine the value of various types of data generated and stored across the university enterprise.
Vulnerability management is a continuous process that seeks to identify vulnerabilities. These vulnerabilities can then be remediated through patching, or through re-configuration of security settings. This is done by identifying, categorizing, prioritizing, and resolving vulnerabilities in operating systems, enterprise applications (whether in the cloud or on-premises), browsers, and end-user applications.
Tools that are critical to OSU's business functions (Canvas, etc.) must be properly assessed prior to launch. OIS conducts these assessments, and must provide certification that a service has met the requirements to operate before it can run. Sometimes, this certification includes constraints in the event that a security issue is identified during assessment.
Don't see the service you're looking for? The Office of Information Security is happy to answer any questions related to information security.