The greatest perceived information security risk faced by organizations is human fallibility. Mitigation of this risk is typically addressed by the implementation of policy and procedures, technical solutions such as firewalls and anti-malware software, and security awareness training. While the organization is in the process of addressing the policy/procedure and technical side of the human equation, a comprehensive security awareness program is critical to protecting OSU's data systems and community.
Dave Nevin, IT Manager with Information Services, is leading IS's security awareness campaign.
The initial stage of the Security Awareness Program is the development of a website. Committee members were identified to vet the content of the site. Information will specifically target OSU students, employees, and computing professionals. The student website launched on September 23, 2011; visit it at oregonstate.edu/be_aware. Information for employees and computing professionals will be added in 2013.
In-person training for personnel dealing with information classified as "privileged" began Fall Term during 2011 Training Days and will continue throughout the 2013 fiscal year.
Training, either in person or on the website, will concentrate on the following areas:
The task force that initiated this campaign was as follows. The initial task force has since disbanded.