College/Unit Information Security Coordinators
The Ohio State IT Security Policy specifies the requirement for establishing security representatives from colleges, units, and campuses. The security representative, known as the Information Security Coordinator, serves as the unit liaison with Enterprise Security for security-related matters and activities, and is responsible for the execution of security activities in the college or unit.
- Primary point of contact for the implementation of the security framework in their unit
- Attends monthly Information Security Coordinator meetings
- Provides input and feedback on current and future security standards and initiatives
- Ensures the review of internal processes, standards, guidelines, requirements, and practices
- Coordinates unit-level efforts on regulatory compliance, including completion of annual surveys, assessments, and security strategies
- Identifies unit security training needs and works with the unit training coordinator to ensure completion of training requirements
- Facilitates the protection of institutional data collected in accordance with policies
- Facilitates remediation, recovery, and reporting of proven or suspected exposure or disclosure of protected information between unit and Enterprise Security
- Ensures the organization has defined and staffed a privacy role, if required
- Ensures communication of security information and reporting to the unit
- Represents their unit during security process & product evaluations
- Assists Enterprise Security’s development and delivery of security job aids and training documents
- Facilitates the completion of internal infrastructure, systems, and third-party risk assessments as required by the security framework
- Ensures Business Continuity and Disaster Recovery plans are created and tested
- Facilitates reporting of security metrics to Enterprise Security
- Coordinators in units covered by HIPAA regulations are the designated HIPAA Security Officer unless otherwise designated by unit leadership
Security Coordinator Skill & Training Requirements
Security Coordinators should meet the following requirements to best represent the Ohio State security practice and their unit:
- Must hold a position within the unit empowered to address security-related issues and concerns
- Must complete the Ohio State Institutional Data Policy Training
- Must complete Risk Assessment Training, delivered by Enterprise Security
- Must be able to commit a minimum of 24 hours a month to the Security Coordinator role
- Should complete formal security training, including SANS security management courses; at minimum, 6 hours (a full day) of information security training per year
- Should have technical IT security experience
- Should be familiar with unit IT practices
Units are asked to appoint Security Coordinators as a college and administrative office job duty. Replacement of the Security Coordinator appointed by the unit leaders should be timely, and gaps introduced by personnel changes should be kept to a minimum to ensure the unit is adequately represented in security conversations at all times.
Monthly Information Security Coordinator Meeting
Meetings are held regularly in room 285 of the Student Academic Services (SAS) Building, 281 W Lane Avenue. To be added to the attendee list and receive meeting invitations, please send a request to OSU-SecCoordAdmin@osu.edu.