风险评估 服务
The Information 安全 Office offers departments a range of information security assessments based on the National Institute of 标准 and Technology (NIST) framework and industry best practices to 帮助 you identify and prioritize risks to university information, 设备, 和系统. This includes but is not limited to:
- 俄亥俄州 Technology Reviews
- Technology reviews are required for all information technology, communication technology or software purchases/renewals, including "free" services and services developed in house.
- Vulnerability assessments
- General recommendations for reducing information technology risk to an acceptable level.
如何申请
To request a risk assessment, email security@俄亥俄州.edu with the following information:
- 部门名称
- Brief description of the services the department provides.
- Description of the data types the department processes (i.e. FERPA, Student Loan Data, PCI data, Research Data, PHI, etc.).
- Are you subject to any compliance requirements (i.e. HIPAA, ITAR, GLBA, PCI-DSS, etc.)?
- Main contact within the department to facilitate the risk assessment.
- Approximate number of employees.
- Approximate number of workstations and number of individual or unit that provides desktop management.
- List of systems the department uses and indicate if any are centrally managed.
Exception Process
For those that feel that they cannot meet the obligations set forth in a given newbb电子平台 Information 安全 Standard they must complete the Information 安全 Exception Request Form. Requests for exception from an Information 安全 Standard are reviewed by the Information 安全 Office and the associated risks with not meeting the standard are communicated back to the requestor and the appropriate individuals within the institution that have the authority to accept risk on behalf of the institution in accordance with newbb电子平台’s Information 安全 Risk Management 政策 (91.006).