Assess, Implement, Verify: The Ohio State University Information Risk Management Program

The Enterprise Security team at the Ohio State University is in the third year of implementing its innovative and successful information risk management program. The program has been responsible for measurable improvements to information security at the university. Additionally, the program has helped university departments understand where they have their greatest information risks, and then prioritize and plan which risks to address first. The program has also helped senior leaders understand the university's overall information risk profile. This session will describe the key elements of the program: assess information risk, implement information security, and verify compliance.

OUTCOMES: Learn about a light-weight method for assessing information risk across campus * Learn how to leverage collective knowledge to implement information security * Learn how to verifying compliance with self-assessments