• Account & Access Management
• Application Services
• Data Center Hosting
• Desktop Management
• Enterprise Connectivity
• Information Security
• Messaging & Collaboration
• Professional Services
• Technology Sales
• Training, Education & Awareness
• Voice Services

OU Norman IT
OU Tulsa IT

Home  |  Online Help  |  Policies  |  Tier Ones

 :: HOME / policies /

IT Security Policies for System Administrators

Most of these policies provide direction for implementation of technical controls by departmental or central IT personnel.

Active Directory Policy: All University owned or operated computers that are compatible with MS Active Directory (AD) and connected to the University network must join Active Directory.

Activity (Log) review Policy: For all information system resources which contain or access data classified as “Sensitive” per the data classification standard, processes must be in place to ensure the access and activity is recorded and reviewed (audited). (more information)

Desktop Computers:

• All computers must have antivirus software installed with daily updates to virus definitions.
• Security patches should be installed within 48 hours of release.
• Lock or logoff when leaving computers unattended.
• Install automated screen savers to lock computers after 15 minutes of inactivity.
• Use the latest vendor supported operating systems: MS Windows XP Pro.

Electronic Data Disposal and Reuse Policy: All University information systems and electronic media must be disposed of properly when no longer needed or before reuse.  Disposal must meet the Electronic Disposal and Reuse Standard . (more information)

Facility Security Policy: The University must establish procedures to protect sensitive information system resources and data from unauthorized physical access, tampering, and theft. (more information)

Password Management Policy: The University must implement a formal documented process for the appropriate creation, modification, and safeguard of information system passwords. (more information)

Security Incident Reporting Policy: All suspected information security incidents must be reported promptly to the appropriate university office or party. See Incident reporting procedures.

Security Patching Policy : Security patches should be installed within 48 hours of release. (more information)

Transmission of Sensitive Data: Data and resource owners must appropriately protect sensitive data from unauthorized interception, modification, or access during electronic transmission.

Transportation of Media Policy: Data and information system resource owners must govern the receipt, transfer and removal of electronic media which contain sensitive data.

Vulnerability Assessment Policy: The operating system or environment for all information system resources must undergo a regular vulnerability assessment.

Workstation Use and Security Policy Procedures must be in place to ensure all University workstations are classified based on allowable capabilities and activities and secured accordingly in order to protect the confidentiality, integrity, and availability of sensitive data contained on or accessed through the workstations. 

Definitions

Service Request
Assistance with other issues related to this service can be requested using this form. Upon submission, this form creates a record in our tracking system and it will be routed to the appropriate resource for action.