Ohio University has closed the five information technology security gaps discovered in April and May. Under the leadership of Chief Information Officer Bill Sams, the IT staff has carefully reviewed all 90 of the machines in the central server room and found no further problems. The university is continuing its efforts to improve data security, and additional protective measures will be deployed in the weeks and months to come.

Over the next nine to 12 months, Ohio University will accomplish 20 initiatives outlined in a comprehensive plan developed by Sams, the IT staff and additional external experts. The 20-point action plan, “Blueprint for Building a World-Class IT Function at Ohio University,” will involve all aspects of the university’s computer services: technology, business strategy and process, and organization and governance.

Some highlights from the blueprint include:

• Implementing a perimeter firewall that will filter Internet traffic to protect computers outside of the central cluster from hacker attacks.
• Classifying data by the level of security required.
• Reducing the use of Social Security numbers within the university and encrypting those that are required.
• Reorganizing the central IT organization to establish clear roles and responsibilities, to focus on meeting user needs and to facilitate teamwork.
• Restructuring the IT Leadership Council to expand the involvement of key groups in the approval of projects and the establishment of priorities.

The total estimated cost of implementing this blueprint is between $5.5 million and $8 million. Ohio University’s Board of Trustees recently approved $4 million to support this effort. The balance of the funding is likely to come from restructuring and increased effectiveness in the existing IT budget.

The blueprint can be found online at: www.ohio.edu/outlook/05-06/July/611-056a.cfm.