The Information Technology and Security Policy Definitions includes defined terms relevant to OU's IT and information security policies and standards.
The University of Oklahoma (OU) recognizes that institutional information is an asset, critically important to effectively supporting OU’s mission of excellence in teaching, research and creative activity, and service. OU also recognizes the need for appropriate data protections, to ensure student and employee privacy is respected and the University complies with applicable laws.
The purpose of this procedure is to provide guidance on how to properly configure, install, and maintain a firewall.
This standard defines the minimum data protection practices for Category B - Payment Card or Credit Card data.
The purpose of this standard is to define the usage and restrictions for remote access, support, maintenance, and administration mechanisms.
The purpose of this standard is to define the procedures and standards for identifying, assessing, and prioritizing IT risk.
The purpose of this standard is to define which assets must be inventoried, identify the attributes that must be included in any asset inventory, and establish appropriate oversight roles, responsibilities, and procedures for asset management.
The purpose of this guideline is to define the best practices for media disposal at the University of Oklahoma.
The purpose of this Payment Card Security Standard is to define roles and responsibilities for meeting the requirements of the Payment Card Data Security Standard (PCI DSS) and for the protection of the University information system resources that collect, store, process,and transmit cardholder data, or that could otherwise impact the security of cardholder data.
The University has established security standards and processes for the protection of Cardholder Data in compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI requirements apply to all OU entities that collect, store, process, or transmit Cardholder Data, provide for its oversight, or support an entity that does. Each such entity will be required to comply with the established processes and standards.