Site Menu
Recent News
The Compensating Controls & Exceptions Form is up
Here are the Compensating Controls & Exception process submision forms for the UCSS.
GeoTrust SSL Certificate Purchasing Explained
Instructions on how to order SSL Certificates through GeoTrust can be found on this page
Security Boot Camp outline up for comment
The CIO Security Group is developing an "Information Security Boot Camp" program that will be taught later this year. Comment on the proposed outline is encouraged during development. Check out the basic outline here
Check the Blackhole List
To see the current Blackhole listing click here
Report an Incident
To report a security breach or other security incident send an email to Security@osu.edu
Monthly SECWOG (Security Working Group) Meeting
Past Events
You can find our past presentations and meeting notes on our archive page.
Current Year's Events
Here is a listing of this years talks and presentations. Any resources, PDF or slide presentations are linked to each summary entry as well as located on the media page listed by type and subject.
2009
October 1, 2009 - SECWOG
Policy Updates
MCSS 2.0 PDF | IT Security Policy Draft PDF
October's SECWOG centered around the introduction of the revised MCSS document as well as the introduction of the draft enterprise IT Security policy document that will be making its way through the university's formal policy adoption process. Both documents presented are included above for reference.
September 3, 2009 - SECWOG
General Updates
slides
The Spam and Phishing assaults continue and this month we're focusing on analysis and updates for that initiative as well as program updates for the Critical Server Registration process, Enterprise Security Risk Assessment and the new 2009 Poster Campaign.
August 6, 2009 - SECWOG
General Updates
slides
This month we covered general updates of the many university security projects including the MCSS revision, LAPS, and Risk Assessment. Bill Phillips and Mitch Dysart stopped by to update the SECWOG audience on the status of OSU's central email ANti-Spam/Phishing efforts.
April 2, 2009 - SECWOG
OWASP
slides
This month to kick off the SECWOG we invited the local OWASP chapter to present on their organization and events. OWASP is a public organization dedicated to promoting the use of secure programming practices in web and application development.
MCSS Update & User Rights Discussion
Charles Morrow-Jones | slides
Charles Morrow-Jones, Director of CIO IT Security introduced the members of the MCSS Revision Committee to the SECWOG audience and presented the results of the recent Administrative Rights survey that he sent out to distcons. There are links and references to these discussions included on these slides.
March 27, 2009 - OHECC 2009
Information Security Outreach: Conversations and Conversions
Shawn Sines & Kristina Torres | slides
March 5, 2009 - SECWOG
State of the Hack
Steve Romig | slides
Steve walks us through an explanation of many of the recent malware attacks we're seeing at the university and includes a forensic investigation of a specific infection case.
February 5, 2009 - SECWOG
Windows Autoruns/Confiker
Steve Romig | slides
Steve began the discussion of the recent Confiker varients and offered some research resources for administrators concerned about the malware and its interesting ability to do updates and work as a delivery platform for other malware.
ISO 270002 Asset Management Domain Discussion
Shawn Sines
Shawn detailed a bit about the Asset Management controls in the ISO domains and discussed the upcoming changes tot he Critical Server Registration tool supporting this domain as well as the university's forthcoming Critical Server Security Standard (CSSS).
January 8, 2009 - SECWOG
Security incidents of 2008 in Review
Steve Romig | slides
