Articles (21)

02 - Information Technology and Security Definitions

The Information Technology and Security Policy Definitions includes defined terms relevant to OU's IT and information security policies and standards.

8.2.1.11 Identity and Access Management Policy

The Identity and Access Management Policy defines the information security requirements for the identity and access management processes relevant to university data or systems.

8.2.1.12 Email Transmission and Use Policy

This Email Transmission and Use policy establishes the rules for using email to send, receive, or store electronic mail and informs email users of their responsibilities associated with such use.

8.2.1.14 System Logging Policy

The System Logging Policy outlines the minimum processes that must be in place to ensure access and activity are recorded and reviewed to maintain compliance with the University of Oklahoma (OU) compliance requirements.

8.2.1.15 IT Asset Management Policy

The purpose of this policy is to define which assets must be inventoried, identify the attributes that must be included in any asset inventory, and establish appropriate oversight roles, responsibilities, and procedures for asset management.

8.2.1.17 Data Governance Policy

The University of Oklahoma (OU) recognizes that Institutional Data is an asset and critically important to effectively supporting OU’s mission. The value of data as an institutional resource is increased through its widespread and appropriate use; its value is diminished through misuse, misinterpretation, or unnecessary restrictions to its access. The university has an obligation to protect the integrity and quality of institutional data, privacy of data subjects, and security of institutional d

8.2.1.4 Password Policy

The purpose of this policy is to establish guidance regarding the creation and management of OU accounts in order to protect the security of the network, protect data integrity, and protect information systems.

8.2.1.5 Computer Standardization Policy

The purpose of the OU Computer Standardization Policy is to support and enhance the missions and administrative functions of the University of Oklahoma.

8.2.1.7 IT Disaster Recovery Policy

Disaster recovery planning ensures that system dependencies have been identified and accounted for when developing the order of recovery, establishing recovery time and recovery point objectives, and documenting the roles of supporting Information Technology (IT) personnel.

8.2.1.8 Data Backup Policy

The backup requirements found in this Policy will allow business processes, teaching and learning activities, research projects and university operations to be resumed in a reasonable amount of time, based on criticality, with minimal loss of data.

8.2.1.9 Security Incident Management Policy

This Security Incident Management Policy establishes the standardized process for identifying, containing, eradicating, and recovering from security incident. It establishes the basic language to discuss such incidents, identifies roles and responsibilities involved in responding to and recovering from these incidents, and provides a playbook for handling these events from the time an event is detected to the post incident report and event closing.

8.2.2.1 Information (Data) Classification Standard

The University of Oklahoma (OU) recognizes that institutional information is an asset, critically important to effectively supporting OU’s mission of excellence in teaching, research and creative activity, and service. OU also recognizes the need for appropriate data protections, to ensure student and employee privacy is respected and the University complies with applicable laws.

8.2.2.12 Firewall Management Standard

The purpose of this procedure is to provide guidance on how to properly configure, install, and maintain a firewall.

8.2.2.2 Remote Access Standard

The purpose of this standard is to define the usage and restrictions for remote access, support, maintenance, and administration mechanisms.

8.2.2.22 Risk Assessment Standard

The purpose of this standard is to define the procedures and standards for identifying, assessing, and prioritizing IT risk.

8.2.2.3 Encryption Standard

This Encryption Standard provides guidance to protect assets, such as computers, portable devices, communication networks and their sensitive data that may reside in such devices or networks from unauthorized access by employing encryption technologies.

8.2.2.8 IT Asset Management Standard

The purpose of this standard is to define which assets must be inventoried, identify the attributes that must be included in any asset inventory, and establish appropriate oversight roles, responsibilities, and procedures for asset management.

Media Disposal Guideline

The purpose of this guideline is to define the best practices for media disposal at the University of Oklahoma.