News: From the Desk Of...
Author: Dr. Sharon Blanton, Associate Chief Information Officer (CIO)
Posted: August 15, 2007
Words of Wisdom
"Unnerved by recent high-profile data breaches…employers are putting in place technology and policy safeguards aimed at protecting employee data…the weakest link is often the very employees who access the information."

by Zeidner, "Threat of employee data files breaches getting through to employers, slowly" (May 2006)

I am excited to have this opportunity to introduce myself and tell you about some important challenges facing our OIT team.

First, I’ll share a little about me. I have worked in higher education instructional design, academic computing, and instructional technology for twenty years. Most recently, I was the Vice Chancellor and CIO for the Pima Community College District in Tucson, Arizona. At PSU, my responsibilities concentrate on user support, customer relations, project management and strategic planning. I work directly with CIO Mark Gregory and Janaka Jayawardena, Associate CIO for Technical Services.

A lot of attention in today’s organizational environment is focused on information security, and PSU, like most universities, sees making our systems secure as a top priority. What is the first thing that comes to your mind when you think about information security? Is it one of the recent news stories covering data loss or theft at a university? Perhaps you are beginning to wonder how your university is guarding your personal information. Or maybe you are starting to worry about all of the data you carry on a laptop, iPod, flash drive or other portable storage device. The news is consistent and troubling. If you are concerned about these questions, you are not alone. The table below shows the frequency and severity of some of the news stories.

| University | IDs Lost | Incident Date | Method |
|---|---|---|---|
| Penn State | 10,554 | 7/26/07 | Stolen laptop |
| University of Michigan | 5,500 | 7/21/07 | Hacked database |
| Purdue | 50 | 7/18/07 | Internet-accessible obsolete files |
| Highlands | 420 | 7/5/07 | Physical office break-in |
| UC-Davis | 1,120 | 6/27/07 | Hacked systems |
| Bowling Green State | 199 | 6/27/07 | Lost USB memory stick |

In June, the Oregon State Board of Higher Education approved the new Information Security Policy for all OUS institutions (OAR 580-055-0000 through 0080). Following that approval, PSU began to launch the necessary steps to ensure that our campus complies. While the policy and OIT will provide the framework for our information security, we also know that we have to rely on every PSU employee to be knowledgeable about this initiative, our policy for compliance, and what it means for their individual work. You can help by reinforcing and supporting the framework with employees for whom you provide supervision, guidance and/or direction. Here are a few significant points we plan to address:

  • PSU will develop security awareness and training programs for all users of PSU information assets.
  • The Chief Information Security Officer will have specific, day-to-day responsibility for the security program. (PSU is ahead of other OUS institutions in that we have had a CISO for the past year.)
  • Policies will be created to address requirements for essential and highly sensitive systems, personally identifiable information, account management, security operations (particularly related to loss of personally identifiable information), incident response, physical protection of essential and highly sensitive information assets, portable memory devices, and disposal procedures that ensure no loss of stored data.
  • OUS Internal Audit will conduct periodic information security policy audits to ensure compliance with OUS and PSU policy.

To start, OIT will launch a new account provisioning and password management system called OAM - the Odin Account Manager. A single login ID (named the Odin ID) and a single password will be synchronized across all resources. This system will enable new employees to activate their accounts for the PSU Information System (Banweb), their workstation login, e-mail account and wireless network access via a secure online web application. The goal of OAM is to increase security and convenience by providing much of the online access management in a self-service manner.

The new policy, security awareness campaign, and OAM are important first steps in improving the security of our data. As administrators, we all share responsibility to review the use and storage of data in our areas. Look for more information about the new PSU information security policy and OAM over the next few months. In the meantime, I encourage you to examine your work habits.

  • Do you ever leave the office without logging out of your computer?
  • Do you have any confidential papers on your desk?
  • Do you have passwords posted on your monitor or under your keyboard?
  • Are confidential files stored in unlocked cabinets?
  • Have confidential files been tossed in the recycle bin rather than shredded?
  • Do you email sensitive information without encrypting it?
  • Do you take sensitive information home?

These are all areas of information security that should be examined. Our training sessions will offer “new habits” to address these items and more. The entire OIT staff looks forward to working with you on these projects. Together we can make a difference, protect our faculty, student and staff data, and stay out of the headlines.