Information Security Incident Response Management Policy

Ohio State provides secure networks and systems to protect its institutional data. This requires a conscious and deliberate understanding of the ever-changing threats that could breach our networks and systems, and possibly result in a loss of university data.

The Information Security Incident Response Management policy provides guidance on the applicable reporting, investigation, and notification requirements. All information security events must be reported to Enterprise Security because:

  • Reporting and investigation is required even for security events that do not include an information security breach.
  • Laws, regulations, contractual agreements, and industry regulations require specific notifications whenever there is a security breach.

The Information Security Incident Response Management Process includes more detailed process information. There are references and hyperlinks in the policy that you can explore for more information. All security events should be managed and reviewed in accordance with the policy.

View the Policy