The Office of Information Security utilizes six primary security rules in order to effectively create a safe, respectful, and ethical online environment.
Ensures the assessment of university IT systems in order to determine security vulnerabilities in need of fixing. An essential process for the better protection of university systems and data. This rule applies to all academic, research, and administrative departments and offices at all University locations; all University faculty, staff, students, visitors, contractors and affiliates; and all resources, systems, infrastructure, devices, facilities and applications in the University’s computing portfolio, whether located on University property or accessed remotely.
System Administrators manage, configure, monitor and access University Information Resources. This high level of access is a position of trust within the University. Individuals who are granted elevated access are personally responsible for their actions. This Rule establishes Acceptable Use for System Administrators for Oregon State University. This rule establishes requirements for System Administrators to ensure that their elevated level of access is performed in a professional and ethical manner.
Governs the University's current log collection, analysis, and retention methods. Ensuring that all processes involving log management satisfy ethical, contractual, and risk-based requirements. This rule applies to any University department or individual that uses or operates IT resources that support official University business.
Defines how Oregon State University controls remote access to University information systems, networks, and resources in order to prevent unauthorized use and to ensure proper use. This rule applies to all users associated with Oregon State University who need to access University resources from the internet.
Outlines the principles and practices of operation for the University’s password authentication services. This rule applies to all individuals who use or operate any University system or resource that requires password authentication
Outlines the principles and practices of operation for the University’s Email Services. This rule applies to any University department or individual that uses or operates an Email Service that supports official University business.
This Rule defines the University’s approach to the establishment of a single digital identity that supports various roles and diverse relationships with the University in order to provide for the protection of systems and data as well as the Oregon State University community.
This rule provides the OSU Community guidance and process on gaining approval of third party systems that process OSU information. This rule applies to all external vendor systems that process OSU information.
To protect data and assure that information technology at OSU is available and secure, the university has developed policies in four key areas:
Each of these policies is designed to serve the university's interests by balancing the need to protect our data and infrastructure with the recognition of the critical role that technology plays in the achievement of the university's strategic goals. The Vice Provost for University Information and Technology is the policy officer for technology and data policies at OSU.
This policy aims to improve data access, accuracy, and integrity, while applying appropriate security controls and protection to manage risk.
This policy explains how we share OSU-specific information, and the obligations held by individuals with this information to use and secure it appropriately.
In aligning with the priorities established for Oregon State University, the mission of the Data Governance Program is to allow for and facilitate campus-wide data-driven decision making.
The integrity and availability of the Oregon State University network is critical to the continued operation of the university. This policy regulates the use of the wired and Wi-Fi networks used to access the university network.