91探花

Standards Index

The Information Security Office is in the process of authoring standards to provide guidance to the University in effective information handling and to support University policy. Any standards marked as "draft" are in the process of being finalized, but still provide industry best practices for various facets of information handling. These documents may undergo some minor changes between their draft and final form. 

| Standard | Abstract | Impact | Related Links/FAQs |
| --- | --- | --- | --- |
| Acceptable Encryption Standard | This standard provides guidelines for acceptable encryption to ensure the confidentiality and integrity of sensitive data. This applies to data in transit or stored on mobile devices or removable media. | All university employees and other individuals with access to university data (retired or emeritus staff/faculty, contractors and volunteers; and any student handling university data). | |
| Account Management Standard | This standard exists to ensure that access to systems is appropriately requested, approved, granted, terminated, and reviewed on a regular basis. The management of user accounts is critical in protecting university data and minimizing risks to the institution. | All university employees and students, and other individuals with access to university data (retired or emeritus staff/faculty, contractors and volunteers). | |
| Data Breach Response Standard | The University will provide timely and appropriate notice to affected individuals when there has been a breach of security involving their private data. | University employees and students, or other individuals who need to report a suspected security incident. | Administrative Procedure: Notification of a Data Security Breach |
| Information Security Awareness & Training Standard | This standard outlines the responsibilities of departments in ensuring that their staff are appropriately trained to maintain compliance with regulations that protect sensitive data. | All 91探花 faculty, staff, student employees, and any third-party affiliates who require access to sensitive university data. | Online IT Security Training |
| Information Security Risk Assessment Standard | This standard establishes the process for assessing risks associated with university data and information systems (“Ohio Systems”) and documenting and communicating the associated risks to university leadership. | All existing OHIO Systems and Third Party Vendors prior to the acquisition of information systems. | Administrative Procedure: Information Security Risk Management Strategy |
| Media Sanitization Standard | This standard establishes the concept of media sanitization and the responsibility of individuals to determine and apply the appropriate sanitization method for the corresponding classification of the media they work with. | All university employees and students, and other individuals with access to university data (retired or emeritus staff/faculty, contractors and volunteers). | |
| Microsoft O365 - Remote Data Wipe Standard | This standard describes the Microsoft capability to remotely remove all data from a device that is synced to your OHIO email account in case the device is lost or stolen. | All university employees and students, and other individuals with access to university data (retired or emeritus staff/faculty, contractors and volunteers). | |
| Mobile Device Standard | To establish information security requirements for the use of mobile devices ("device"). | Users that access, store, or process university data via a device. | Smartphone Security |
| Patch Management Standard | This standard ensures that the university takes a proactive approach to managing vulnerabilities, to reduce or eliminate the potential for exploitation of such vulnerabilities and prevent the excessive time, effort, and potential costs that often result when responding to an exploitation after it has occurred. | OHIO Systems; including all university owned servers, endpoints, and software. | |
| Physical Security Standard | The purpose of this standard is to define controls to maintain the confidentiality, integrity, and availability of OHIO resources through the prevention of loss, damage, theft, or compromise of university data and assets. | All OHIO faculty, staff, students and third-party associates, any systems or paper records containing OHIO data. | Physical Security Tips |
| Safeguarding Sensitive University Data Standard | The purpose of this standard is to establish the guidelines for the process of safeguarding sensitive university data from improper disclosure. | All faculty, staff, students, and third parties that access sensitive university data. | Sensitive Data: Defining and Classifying |
| Secure Computer Management Standard | This standard ensures that all university owned devices as well as devices that store, process, or transmit university data are proactively managed and configured in a way that protects university data. | All computers which process, store, or transmit University data. | Secure Computing at OHIO |
| | This standard sets forth the criteria for working on the four primary models of devices used by OHIO employees and agents: managed OHIO devices, virtual desktop instance, self-managed OHIO devices, and personally owned devices. | All 91探花 employees, agents, and the computing devices (“devices”) used to perform University work. | |
| | This standard ensures that OHIO employees secure workstations when accessing, processing, or transmitting university data while traveling both domestically and internationally. | All OHIO employees who are working while also traveling | |
| Secure Use of Artificial Intelligence (AI) Tools | This standard establishes acceptable and prohibited use of Artificial Intelligence Tools for University work. | All OHIO account users who process, store, or transmit university data | |
| Security Incident Response Standard | This standard outlines the process for notification of and response to a security incident involving data processed, stored, or transmitted by the University. | All faculty, staff, students, and third parties that access university data. | 91探花 Incident Response 2021 |
| Security Standard for General Information Systems | A standard for the configuration of information systems at 91探花. | All 91探花 affiliates, organizations or individuals who deploy, configure, or maintain information systems within the university network. | |
| Sensitive Data within One Drive Standard | This standard describes the technical and administrative controls that must be implemented when storing sensitive data within 91探花’s OneDrive for Business (“OneDrive”) accounts. | All 91探花 operating units that wish to store sensitive information within a cloud-based solution. | OneDrive/O365 Groups Data Storage |
| Student Identification Verification Standard | This standard supports the University's Verification of Student Identity Policy (12.027) so that the university can ensure there are standardized methods of verifying identity. | OHIO programs, courses, and activities, including courses designated as Distance Education or other comparable designations. | |
| Third Party Vendor Management Standard | This standard establishes fundamental security guidelines, requirements and procedures that support the mandatory protection of information assets for business, contractual, regulatory and legal reasons. | OHIO Systems and assets, employees, vendors and agents operating on behalf of the university using OHIO Systems. | |
| Virus Protection Standard | This standard ensures the security and integrity of university information and information technology resources against malicious software such as viruses, worms, and trojans. | This standard applies to all faculty, staff, students, and third parties which do business with the university. | Anti-Virus Software |