The Office of Information Security is your contact for questions about OSU's Information Security Policies and Procedures. Our mission is to raise OSU's standards and practices for secure computing.

To do this, the OIS coordinates with academic and administrative units to develop policy, benchmark and assess our level of risk, and educate and inform our community on best practices.

Security Policy

OSU's IT "security policy" is derived from two individual polices:

  • The Acceptable Use of Computing Resources policy, which describes the expectated behavior for individuals using OSU network and computing resources, and,
  • The University Data Management, Classification, and Incident Response policy identifies the various types of information at OSU, the means by which information is identified as requiring protection, the protections required, and the process that happens when a failure of those protections occurs. Additional information on the University Data Management, Classification, and Incident Response policy can be found here.

 

Reporting Security Issues
If you are the victim of a security-related issue, please use the following form to report it to the Office of Information Security.

Report an Incident

In-Person Security Awareness Training

The Office of Information Security provides security training for departments on campus that deal with Confidential and Sensitive Information, including Personally Identifiable Information (PII). To learn more about this training, or to schedule a training event for your department, please contact Dave Nevin, Chief Information Security Officer.

Resources for IT Professionals

The Office of Information Security is here to assist you in your efforts to keep your network resources protected. We offer Risk Assessment and Forensics services as well as vulnerability scanning. To learn more about the resources available for IT Professionals, please contact Bob Henry, Senior Security Analyst.