OSU's Network contains data that could cause harm to individuals within our community should it fall into the wrong hands. The Office of Information Security is tasked with identifying threats to that data, such as hackers and the malicious software they use, but it is up to those who work with this data at Oregon State University to help us maintain our commitment to the safety and privacy of our data.
While working with OSU data, you must protect the data you access. Following policies, procedures, standards and guidelines is the best way to ensure data remains safe. Get trained on the appropriate use and protection of university data and report unauthorized access or misuse. Additionally, it is important to understand how to classify the information you handle, so you know how best to secure it.
If you suspect that someone has stolen confidential or sensitive information, hacked into your computer, or suspect your computer has a virus, immediately notify the Office of Information Security.
You are responsible for making sure the system you store information on meets OSU minimum standards. There are different standards for different classifications of data and types of environments.
Follow these steps immediately if you suspect your data's been compromised (the data was out of your control, someone accessed it who wasn't supposed to, etc.).
The less activity that occurs on your computer after you realize information may have been compromised, the more likely it is that the security team will be able to tell whether or not it actually was compromised and what data was accessed.
We have three data classifications (categories of data) based on the level of security the information needs. Understanding the relative sensitivity of that information helps you understand which category the data fits in.
This data is intended for general use, and can be found on websites, news releases, and in various publications. While no harm would befall the university if Unrestricted Information were accessed without permission, we are still concerned that the information be presented unchanged, and be available when needed; as such, there are specific standards of care required around the presentation of that information.
Some data, while not as restrictive as confidential, still are by their very nature or regulation private and must not be openly disclosed. There are typically four types of data that fall into this category.
Confidential information is the most restrictive classification. Four types of data fall into this category.
Use the table below to determine what classifications of data can be maintained on various services and platforms. This list includes Oregon State and 3rd-party services.
|Audio and Video Conferencing||Yes||Yes||No|
|AWS Infrastructure||Yes||Requires Review/Approval||Requires Review/Approval|
|Email (with and without Secure: in the subject line)||Yes||No||No|
|OSU Network Shares||Yes||Yes||Yes, check with your IT support team|
|Slack Enterprise Grid (College of Engineering only)||Yes||Yes||No|