OIT News
 

Three New State IT Security Policies Issued

 

Issue Date: January 2007

 

Source: IGD, Statewide IT Policy

 

On January 26, 2007, the Office of Information Technology published three new information technology security policies. The new security policies build upon Ohio’s information security policy framework, adding sound industry practices that will assist in securing the critical information and services entrusted to the state. Pursuant to §125.18 of the Ohio Revised Code, security policies were issued that address the following areas:

 

  • Ohio IT Policy ITP-B.8, “Security Education and Awareness”: Defines guidelines for developing effective security education and awareness programs that will not only improve security awareness within the state, but will also establish individual responsibility.

  • Ohio IT Policy ITP-B.10, “Security Notifications”: Identifies security notification requirements regarding content, presentation, and legal considerations. Notifications provide the opportunity to disclose the potential implications of unauthorized access, information misuse, and data loss and corruption. Sufficient security notifications can assist in deterring potential attackers.

  • Ohio IT Policy ITP-B.12, “Intrusion Prevention and Detection”: Establishes requirements for the creation of an intrusion prevention and detection capability that is designed to prevent, monitor and identify system intrusions or misuse.

 

The state IT policies may be obtained online at www.ohio.gov/itp. Each policy was subject to a rigorous research, development and quality control process. The process involved the efforts of agency chief information officers, industry security experts, legal counsel and a multi-agency working group representing 13 state agencies.

 

Comments, questions or inquiries may be directed to:

 

Statewide IT Policy

Ohio Office of Information Technology

Investment and Governance Division

30 E. Broad St., 39th Floor

Columbus, Ohio 43215-3414

Telephone:        (614) 644-9352

Facsimile:         (614) 644-9152

Email:                State.ITPolicy.Manager@oit.ohio.gov