Security Consultation

System Security Assessments help identify cybersecurity risks from the use of technology that could potentially cause loss or harm to the University. A System Security Assessment helps determine if technology will comply with federal and state laws or regulations and University policy for protecting University data. The goal is to reduce the overall exposure of the University to cybersecurity risks. The service is provided by the Office of Information Technology’s Governance, Risk, and Compliance Team.

Cost

There are no costs associated with a consultation.

Availability

This service is offered to all OU users at all OU campus locations.

Features

Action: Submit a Request
Description: Fill out a new request form by clicking "Request Service".
Timeline: Immediately

Action: IT GRC Review
Description: IT GRC will review the request form and determine if the requestor is able to answer technical questions. If yes, IT GRC will review the technical responses provided by the requestor.

If no, IT GRC will schedule a Security Assessment conference call with the System Administrator and Data Steward to discuss the technical capability of technology. The technology vendor may be invited to this conference.
Timeline: 3 business days

Action: IT GRC Security Profile Summary
Description: Upon completion of the IT GRC Review, a System Security Profile report will be generated and presented to the System Administrator and Data Steward.

Any identified gaps will be discussed to develop mitigation strategies along with timelines and responsible parties.

Gaps that cannot be mitigated will be presented to the:

Low risks will request the approval of the CISO;

Moderate risks will request the approval of the CISO and Data Owner;

High risks will request the approval of the CISO, Data Owner, and CIO.
Timeline: Varies depending on stakeholder availability

Security Assessment for storing University data and meeting compliance for external standards (NIST, HIPAA, PCI, GDPR, CUI, and FERPA)

Security Assessment when evaluating applications or new solutions: IT Security can advise so that you can select a low-risk option.

An Assessment IS Recommended

  • Implementation of a new or upgraded multi-user Information System

  • Solutions requiring an interface to an existing Information System

  • Contracting with a third-party service for software or technology service

  • Implementing a solution interacting with regulated data (ePHI, PCI, FERPA, PII, CUI)

  • Software not covered by OU Site or Volume licenses

  • Purchase of servers and network equipment

  • Purchase of digital signage and classroom audio/visual equipment not maintained by Academic Technology

  • Purchase of cloud, networked or removable storage

  • Medical/Research Devices

Assessment IS NOT Recommended

  • Computer Standardization desktops, laptops, and tablets

  • Computer accessories, peripherals, and supplies 

  • Printer Standardization Multi-function or Network Printers 

  • Software covered by OU Site or Volume licenses 

  • Desktop (non-networked) printers and toner cartridges 

  • Backup tapes 

  • Camcorders, digital cameras, DVD players, DVDs, CDs and videotapes 

  • Non-networked Smart TVs 

  • Smart Phones 

  • Headsets 

  • Keyboards 

  • Microphones 

  • Wired or Wireless Mouse 

  • Power Cords/Adapters 

  • Presenter pointer/clicker 

  • Projector accessories 

  • UPS Power Supply, battery backup 

  • Webcams

Details

Service ID: 64
Created: Wed 5/20/20 8:50 AM
Modified: Fri 3/19/21 12:57 PM