As colleges and universities gear up for National Cyber Security Awareness Month in October, the IT Forum would like to share some insights from our research on cyber security awareness. We uncovered an institution educating both administrative and academic leadership and staff about security controls through the use of university-wide dashboards.
A tool for self-assessment and benchmarking
The security team at The Ohio State University built a university-wide dashboard to educate board members on unit-level adherence to security controls. The dashboard allows board members to quickly identify controls that are working well, outliers that need additional support, and campus-wide issues that should prompt a systemic fix. OSU’s innovation was to repurpose the data for unit-level scorecards, and help unit managers understand their security posture relative to peer departments.
To enfranchise business and academic leaders in cyber security efforts, OSU’s security team uses an internal survey to populate a unit-level scorecard, showing how each department compares to peer units (e.g., History is compared to other Academic units, while Procurement is compared to other Administrative units) as well as the university overall average. With 100 percent of campus offices participating, OSU’s security team can use survey results to guide three key conversations:
1. Demonstrate trends in controls over time; Use year-to-year information to identify problems and guide improvements
2. Discuss why cyber security matters for department leaders; Use peer and institutional comparisons to drive urgency
3. Prioritize cyber security policy for departments with many complex challenges; Use data to identify the biggest outliers
IT Forum Members, Learn More
Want to take a closer look at OSU's Department Security Scorecard Template? IT Forum members can log in and access the Elevating Security Awareness toolkit to download an editable version. Download the resource.