IT Security Liaison
The Role of the Information Technology Security Liaison at Ohio State University
The OSU IT Security Policy specifies the requirement for establishing security representatives from colleges, units and campuses. The security representative serves as the local liaison with the Office of the Chief Information Officer Information Technology Security team for security related matters and focus on managing the OSU IT security framework. The role of security liaison offers local units a voice in the creation of OSU’s security services and provides a single internal point of contact, allowing OCIO IT Security and the individual organizations to create a more direct and integrated working relationship.
The OCIO Security team is responsible for:
- Conducting, reviewing, updating and administering the IT security program
- Developing and maintaining IT security guidelines, practices, standards, and policies to protect university data assets and mitigate fraud
- Developing and maintaining IT security training and security standard compliance reporting
- Providing an annual report on the IT security program effectiveness
- Directing the creation of IT security instruments
- Managing the OSU enterprise vulnerability management practice and associated compliance activities
Over 30 OSU colleges, units and campuses designated an official security representative to serve on the Enterprise Security Committee facilitated by the OCIO IT Security team. The security representative will be:
- Reviewing internal processes, standards, guidelines, requirements and practices.
- Updating internal control structures and standard operating procedures
- Conducting annual reviews for security compliance
- Providing IT security impact assessments and feedback
- Identifying IT security training needs and completing training requirements
- Protecting identifying information collected in accordance with policies
- Reporting proven or suspected exposure or disclosure of personal information
Designated IT security liaisons are expected to regularly attend monthly Security Working Group (SECWOG) meetings facilitated by the OCIO IT Security team.
IT Security Advocacy Responsibilities
Security liaisons also serve as IT Security Advocates and will be responsible for key tasks:
- Support Communication of IT security information to the unit
- Represent the area during IT security process & product evaluations
- Attend regular IT security meetings (SECWOG, etc.)
- Provide input and feedback on current and future IT security standards and initiatives
- Assist OCIO IT Security’s development and delivery of IT security job aids and training documents
- Report unit concerns and considerations related to IT security
- Recommend faculty and staff experts to assist in creation and review of IT security instruments
- Provide OCIO IT Security with regular status information such as critical server status and vulnerability management followup
- Act as a key point of contact during IT Security incidents involving the unit
IT Security Liaison Skill & Training Requirements
The security representative candidate should meet the following requirements to best represent the OCIO IT Security practice and the local unit:
- Must complete OSU IT Security Representative Training
- Must hold a position within the unit empowered to address IT security related issues and concerns
- Should have technical IT security knowledge
- Should be familiar with unit IT practices
- Must complete the OSU Institutional Data Policy Training
- Must be able to commit an average of 2-4 hours a month to IT security liaison role
Units are asked to appoint security representatives with an expectation of a minimum two year term. Replacement of the IT Security Liaison appointed by the unit IT Leaders should be timely and gaps introduced by personnel changes should be kept to a minimum to ensure the unit is adequately represented in security conversations at all times.
The Current IT Security Liaison Representatives (as of September 2011)
| Name | Area/College/Department | |
| Brad Roesch | Moritz College of Law | roesch.1@osu.edu |
| Veit, Joseph | Office of Sponsored Programs |
veit.7@osu.edu |
| Lucas Damicone | Office of Student Life | damicone.2@osu.edu |
| Jim Kerr | OSU Regionals |
kerr.63@osu.edu |
| Brent Roberts | Office of Human Resources |
roberts.73@osu.edu |
| Michael Paktinat | College of Social Work | Paktinat.1@osu.edu |
| Brian O'Brien | Office of the CIO |
obrien.9@osu.edu |
| Marc Uhrich (uhrich.1) | Graduate School | uhrich.1@osu.edu |
| Beth Warner | OSU Libraries | warner.496@osu.edu |
| Erik Yarberry | College of Nursing | eyarberry@con.ohio-state.edu |
| Jim Giuliani | College of Engineering | giuliani.6@osu.edu |
| David Sweasey | College of Arts & Sciences | sweasey.1@osu.edu |
| Tremyne Smith | Medical Center/CoM | Tremayne.Smith@osumc.edu |
| Don Shymanski | College of Public Health |
dshymanski@cph.osu.edu |
| Ron Salyers | Enrollment Services & Undergraduate Education |
rsalyers@esue.ohio-state.edu |
| Jack Fowble | College of Pharmacy | fowble@pharmacy.ohio-state.edu |
| Brian Wilson | Fisher College of Business |
wilson@fisher.osu.edu |
| Geoff Wiggins |
College of Optometry |
GWiggins@optometry.osu.edu |
| TBD | Office of International Affairs | |
| Adam Britt |
College of Veterinary Medicine | britt.40@osu.edu |
| Matt Gonzales | College of Food, Agriculture and Environmental Sciences |
gonzales.121@osu.edu |
| Caleb Pullium | John Glen School of Public Affairs | pulliam.13@osu.edu |
| Ken Cherrington | Office of Academic Affairs | cherrington.2@osu.edu |
| Joe Roush | College of Education & Human Ecology | jroush@ehe.osu.edu |
| Ben Bettin | Office of Continuing Education | bbettin@ced.osu.edu |
| Gary Clark | Office of Athletics | clarkg@buckeyes.ath.ohio-state.edu |
| Mark Griffin |
Office of Diversity and Inclusion | griffin.337@osu.edu |
| Jeff Trebonik | College of Dentistry | Trebonik.1@osu.edu |
| David Savage | College of Dentistry (alternate) |
savage.63@osu.edu |
| Gary Rine | Business & Finance/Administration & Planning | rine.2@busfin.osu.edu |