This policy aims to define rules and requirements for connecting to the OU network from any host. These rules and requirements are designed to minimize the potential exposure to OU from damages resulting from unauthorized use of OU resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical OU internal systems, and fines or other financial liabilities incurred because of those losses.
The Cybersecurity Policy defines the minimum controls and safeguards to be implemented for all information technology assets, applications, hardware systems, and network resources owned or managed by OU staff or faculty.
This Cybersecurity Incident Response Plan establishes the procedures for identifying, reporting, and responding to a cybersecurity event. It establishes the basic language to discuss such events, identifies roles and responsibilities involved in responding to and recovering from these events, and provides a playbook for handling these events from the time an event is detected to the post incident report and event closing.
Building on the foundations of the National Institute of Standards and Technology’s (“NIST”) Artificial Intelligence Risk Management Framework for AI Risks and Trustworthiness (AI RMF 1.0, Section 3 [NIST AI 100-1], fig. 1), the AI Governance Working Group has established the following set of principles to guide the development of AI guidelines and policies for implementation at the University of Oklahoma.