91̽»¨

University Community

IT Standing Committee: Information Security approves fourth group of Information Security Standards

91̽»¨'s Information Security Governance Standing Committee is charged annually by the IT Strategy and Governance Committee and is empowered to inform strategy and decision rights for all University information security matters. This includes establishing roadmaps, shepherding initiatives, and producing clearly defined decision authority and escalation paths.   

One of the top initiatives of this committee is the creation of Information Security Standards that serve to guide the University community on how best to secure the technology that accesses, stores, processes, or transmits University data.    

The Information Security Governance Standing Committee recently approved three new standards as follows: 

Account Management Standard

This standard outlines how to appropriately manage accounts that provide access to University systems, both those centrally managed by OIT and those managed at the department or unit level. 

  • IT Impact: OHIO IT Professionals will use this standard as a guide to ensure that access to systems is appropriately requested, approved, granted, terminated, and reviewed on a regular basis.
  • OHIO Community Impact:
    • University faculty and staff members who are responsible for system administration will use this standard as a guide to ensure that access to systems is appropriately requested, approved, granted, terminated, and reviewed on a regular basis. All accounts created for University purposes are within this standard’s scope. Some examples include, but are not limited to, a department’s social media account, accounts for third-party services or applications, or local accounts to systems.
    • As a reminder, all OHIO community members have a responsibility to adhere to the University Credentials Policy (91.004) when granted access to University systems. 
       

Media Sanitization Standard

This standard outlines the proper ways to clear, purge, or destroy physical and digital media prior to its disposal, release, or reuse. Proper media sanitization ensures University information is not unintentionally disclosed to unauthorized viewers.

  • IT Impact: OHIO IT Professionals will ensure that when disposing, releasing or reusing digital media that the requirements set forth in this standard are met.
  • OHIO Community Impact:  All University faculty, staff, students, and any individuals who dispose, release, or reuse digital media have a responsibility to ensure the requirements set forth in this standard are met or work with their assigned OHIO IT professional staff member to meet the requirements of the standard.  

Secure Use of Artificial Intelligence (AI) Tools

This standard provides guidance on how to use AI tools including but not limited to ChatGPT, Google Bard, Bing, and Dalle 3 safely without putting institutional, personal, or proprietary information at risk. Use of AI is permitted if publicly available or low impact information is used.  Sensitive Data shall not be entered or accessed using these tools.

  • IT Impact: OHIO IT Professionals have a responsibility to ensure the individuals they interact with are aware of this standard.
  • OHIO Community Impact: All OHIO faculty, staff, and students have a responsibility to ensure that sensitive University information is not entered into AI tools.  

All Information Security Standards have an exception process available, should an individual or unit have circumstances preventing them from complying with a standard.    

The 91̽»¨ community is encouraged to read the full standards by visiting the Information Security Standards Webpage

Published
January 25, 2024
Author
Staff reports