|
Information Security Awareness |
| |
|
Overview
|
| |
|
The purpose of this project is to develop a comprehensive Information Security Awareness program and implement it across the OSU System. One component of the program is to develop a web-based security awareness training module that is mandatory for all OSU system employees and students to complete. The curriculum will be developed by IT Systems Security, and course delivery to faculty and staff will be facilitated by the OSU Human Resources department.
|
| |
|
It is recommended that the guidelines set forth in the NIST Special Publication 800-50, Building an Information Technology Security Awareness and Training Program, as well as other sources, be considered as a guide to developing the program.
|
| |
|
Business Case
|
| |
|
The increasing number of information security incidents has highlighted the need for a formal security awareness program for the OSU System. Additionally, areas falling under federal guidelines such as Center for Disease Control and Health Information Portability and Accountability Act (HIPAA) must adhere to a strict user-training program.
|
| |
|
Implementing a mandatory information security awareness program has been requested by OSU System CEO and President David Schmidly, and is a recommendation from the 2004 IT System Security Report.
|
| |
|
Project Status
|
| |
|
As of August 4 the team has completed the curriculum and finished the initial round of internal testing within the IT department. We plan to move the curriculum to the new Desire 2 Learn course management system when it goes live later this summer and work with the IT Cabinet to review and update the content.
|
| |
|
This project is scheduled to be completed by December 31, 2006.
|
| |
| View other projects |
| |
|
