by Shawn Sines

Information Security is still a very serious concern and primary focus for the university. While the unit numbers reported during the IT Security Planning process regarding encryption and Minimum Computer Security Standards (MCSS) compliance were promising, the university as a whole has not reached its goal of 100% compliance. Executive Vice President and Provost Joe Alutto has asked that units continue to report and make progress with an eye toward reporting the university’s achievement to the Board of Trustees during the upcoming September meeting.

The continued reporting for the IT Security Plan does not follow the previous monthly schedule, instead units are expected to file reports on May 16, July 18, and August 15 for preparation of the September report. Units that require compensating controls or exceptions for devices can continue to request these allowances via the Information Security web site at www.infosec.ohio-state.edu/InformationSecurity/Controls.

This summer the remaining three standards of the University Computer Security Standards (UCSS) will go into effect. These standards outline security requirements for critical, database and web servers and expand the requirements for systems with these classifications beyond the minimum standard. For details, go to buckeyesecure.osu.edu/Policy/UCSS.