Organizing, Measuring, and Managing Information Risk at The Ohio State University

Tuesday, May 05 | 2:30PM–3:30PM | Conrad B, Second Floor
Session Type: Professional Development
In 2013, the Enterprise Security team at OSU found itself in an unenviable position: its security program was narrowly focused on IT risk, not information risk; the program was not consistently implemented; and there were no metrics that documented how well information risk was being managed. In response, the team launched an ambitious new program to organize, measure, and manage information risk both for individual units and for the university as a whole. This session will discuss Ohio State's process for developing and implementing a successful, prioritized, flexible, and metrics-driven risk management program in a university environment.

OUTCOMES: Learn how to structure and organize information risk * Learn how to create an information risk survey for performing light-weight risk assessments * Learn how to create 3-year risk management strategies


  • Jim Herbeck

    Lead Security Analyst, Ohio State University

Resources & Downloads