Risk Management

Providing services to the university so that cybersecurity risk is understood and mitigated.

Risk Assessments and Consultation Team

The mission of the Risk Assessment and Consultation team is to provide security consulting and risk management services to Ohio State staff. Our services enable the university to make informed decisions based on opportunity and risk, to reliably use applications and services and to minimize unexpected security costs. Our main objectives are to:

  • Secure the Enterprise Project, data warehouse and Canvas initiatives to minimize unintended data exposure;
  • Enable security for major cloud service offerings (e.g. AWS, Azure) to securely empower university cloud-driven initiatives;
  • Simplify, improve, automate and expand third-party and internal risk management processes to reduce the risk of exposing institutional data and to achieve framework compliance;
  • Improve the security of mobile apps used or developed by the university to reduce risk for all app user groups; and
  • Increase the effectiveness of implemented university security controls through security testing, to reduce the risk of exploitation of critical university systems.

Compliance, Policies & Contracts

A large university like Ohio State requires a comprehensive set of policies to keep everything running smoothly. In addition, the university observes the rules of numerous government agencies and other regulating organizations. The mission of the Compliance, Policies, and Contracts team is to provide policy consultation to Ohio State staff in order to:

  • Help them interpret and adhere to Ohio State policies;
  • Advise Ohio State staff on contract development to meet security standards;
  • Develop and review policies to ensure agreement with the IT policies;
  • Lead the IDCC committees to review and update the university data classification documents; and
  • Interpret and work with staff across the university to comply with external regulations, standards and policies.

Security Awareness

Computers are everywhere; they invade virtually every aspect of our lives. From the moment we rub the sleep from our eyes to check our social media, to the moment we set the alarm on our phones before we close those eyes, technology is the tool of choice for us humans.

Unfortunately, we seldom think of the risks we impose on ourselves through the use of these tools. That is why the Security Awareness and Training Team’s mission is to help users and the university community make better decisions about how to protect themselves and the university.

Our awareness and training efforts are designed to:

  • Foster a higher level of interest in good security hygiene
  • Better understand the risky behaviors that endanger ourselves and the university
  • Educate users about the ways Enterprise Security is here to help and make things simpler
  • Assist researchers in understanding and navigating research regulations and risk
  • Provide greater understanding of how to secure ICS/SCADA/IoT systems

Current projects: 

  • Phishing Education: Many staff and faculty members know us through our work in protecting the university from malicious phishing emails. We conduct occasional phishing exercises to provide education to users. Maybe you've seen one of our phish come swimming through your inbox; just remember, we’re the “good guys”.
  • Awareness and Training: We assist the university units by providing security training that strengthens the technical abilities of their users while helping them comply with regulations.
  • Incentive Platform: Ohio State leads. We do so again with this innovative platform to “gamify” security awareness. The platform will focus on a positive reinforcement approach, increasing learning engagement through the principles of gameplay, competition and reward.

Team Emails

Risk Assessment Team: CIO-ITRiskAssessments@osu.edu
Compliance, Policies and Contracts Team: riskmgmt@osu.edu
Security Awareness Team: SecurityAwareness@osu.edu