OUHSC Information Technology Department |
IT Security Policies for System Administrators Most of these policies provide direction for implementation of technical controls by departmental or central IT personnel. Active Directory Policy: All University owned or operated computers that are compatible with MS Active Directory (AD) and connected to the University network must join Active Directory. Activity (Log) review Policy: For all information system resources which contain or access data classified as “Sensitive” per the data classification standard, processes must be in place to ensure the access and activity is recorded and reviewed (audited). (more information)
Electronic Data Disposal and Reuse Policy: All University information systems and electronic media must be disposed of properly when no longer needed or before reuse. Disposal must meet the Electronic Disposal and Reuse Standard . (more information) Facility Security Policy: The University must establish procedures to protect sensitive information system resources and data from unauthorized physical access, tampering, and theft. (more information) Password Management Policy: The University must implement a formal documented process for the appropriate creation, modification, and safeguard of information system passwords. (more information) Security Incident Reporting Policy: All suspected information security incidents must be reported promptly to the appropriate university office or party. See Incident reporting procedures. Security Patching Policy : Security patches should be installed within 48 hours of release. (more information) Transmission of Sensitive Data: Data and resource owners must appropriately protect sensitive data from unauthorized interception, modification, or access during electronic transmission. Transportation of Media Policy: Data and information system resource owners must govern the receipt, transfer and removal of electronic media which contain sensitive data. Vulnerability Assessment Policy: The operating system or environment for all information system resources must undergo a regular vulnerability assessment. Workstation Use and Security Policy Procedures must be in place to ensure all University workstations are classified based on allowable capabilities and activities and secured accordingly in order to protect the confidentiality, integrity, and availability of sensitive data contained on or accessed through the workstations. Service Request |
|
Copyright © 2006 The Board of Regents of the University of Oklahoma, All Rights Reserved.- Disclaimer | Copyright |