Oregon State University takes the responsibility for information security seriously. The policies outlined in the manuals for Acceptable Use for University Information & University Computing Resources, and the University Data Management, Classification & Incident Response(InfoSec) are the documents governing information security for OSU. Key points from these policies and procedures manuals are referenced throughout the Business Intelligence Center website.
Information Security policies apply to all members of the OSU Community. There are circumstances which may require specific restrictions on information due to the terms of a grant, federal law or departmental policy. The policies and procedures apply regardless of the media on which the information resides. Specifically they apply to paper and traditional hard copy information, electronic, microfiche/microfilm, CD/DVD, internal and external computer data storage drives, or other types of media. The information form is not limited to text but includes graphics, video or audio or their presentation.
Protected Information and Sensitive Information includes, as noted in Appendix A: Data Classification by Data Element in the InfoSec manual, 000 Introduction, the following:
Protected Information includes
Sensitive Information includes
Responsibilities for Information Security
At OSU, all individuals with access to University information are responsible for care and security of this important resource. Lois Brooks, Vice Provost for Information Services states, “Data is a strategic asset of the University, but only to the extent that it is available, true and actionable. “ With the web-based systems offered by the Business Intelligence Center, keeping data security in the forefront is extremely important.