Oregon State University has a compelling strategic vision – to create healthy people, a healthy planet and a healthy economy through an aggressive research agenda, excellent educational programs, and community engagement. Our growing student population on and off campus, expanding research profile, and a service mission that reaches across Oregon and around the world creates a dynamic environment in which technology must play a critical and transformative role for the University to achieve its goals.
Information Services is helping to realize the University's strategic vision by:
As the University is changing, Information Services is evolving as well. We have a strong record of providing reliable and secure systems, and we're building on this legacy by leveraging IT investments for a cost-effective enterprise, adopting best practices for technology and service delivery, and collaborating widely on and off campus with OSU, higher education and industry partners to find the best solutions to meet the University's challenges.
This website offers a gateway to Information Services at OSU and I invite you to explore it to learn more about the services we offer.
If you work or study at Oregon State University or access any OSU data for any reason, this policy applies to you.
Storing information – You are responsible for making sure the system you store information on meets OSU minimum standards. Those standards are available at http://oregonstate.edu/helpdocs/security-and-tuning/computer-tuning/baseline-standards-care.
Lost, stolen, hacked, infected – Have you lost confidential or sensitive information? Do you know or suspect that someone has stolen confidential or sensitive information from you? Do you know or suspect someone has hacked into your computer? Do you know or suspect your computer has a virus (or other malware)? If you answered yes to any of these questions, you need to report it to the Office of Information Security.
Third-party services – Before using confidential data with a cloud-based (third-party) service, contact the Office of Information Security. They need to conduct a security assessment of the service before it can be used.
⇛ Specific types of confidential and sensitive data are listed at http://is.oregonstate.edu/ispolicies/datamanagement/examples.
We have three data classifications (categories of data) based on the level of security the information needs. Understanding the relative sensitivity of that information helps you understand which category the data fits in.
This is the most restrictive classification. Four types of data fall into this category.
This classification covers university data that has some security risk. It is less restrictive than the confidential classification. Sensitive information is commonly used in conducting Oregon State business and may be confidential or bound by non-disclosure expectations.
This is information that carries no security risk if it’s made public. Most university data is unrestricted.
There are two things you need to do immediately if you suspect your data’s been compromised (the data was out of your control, someone accessed it who wasn’t supposed to, etc.).
What type of information is it? Which of the categories above does it fit into?
Give the DCA as much information as you can, including how you think the data would be classified.
Follow the directions they give you, even when that means you’ll lose changes to files.
Once the initial risk has been eliminated, there are two more things you need to do.
The CISO will decide what needs to happen next. The Office of Information Security will lead the investigation of the possible breach and will let the appropriate data custodians know what’s happened.
Use the webform, or call x.7-9800 (541-737-9800).
The less activity that occurs on your computer after you realize information may have been compromised, the more likely it is that the security team will be able to tell whether or not it actually was compromised and what data was accessed.
This policy is designed to help us comply with state and federal laws that require us to protect the confidentiality, integrity and availability of university data.
⇛ You can read the full policy at url.[FTF6]
Information Security Policies and Procedures Manual
Data Classification by Data Element
Information Services is responsible for the university network.
Authenticate or register your device. This can be done by logging in through an official OSU account (such as your student or staff account), by registering your device directly with Information Services or by having a recognized representative of the university register your device.
Disrupt or degrade the university network.
The Oregon State University network connects people within the university and with the rest of the world. The university network includes all networks, except the Guest network, at all Oregon State locations.
Install, configure and maintain network hardware and software.
The Vice Provost of Information Services may grant exceptions to the requirements in this policy. If you would like to request an exception, please begin by contacting the Office of Information Security.
This policy identifies which university roles are responsible for the wired and wireless networks at Oregon State. It also specifies certain behavioral expectations for anyone who connects to the OSU network.
⇛ You can read the full policy at url[FTF5] .
"UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED. You must have explicit permission to access or configure this device. All activities performed on this device may be logged, and violations of this policy may result in disciplinary action, and may be reported to law enforcement. There is no right to privacy on this device. Use of this system shall constitute consent to monitoring."
The purpose of the IT Security Governance Committee is to help the university effectively manage risk.
The committee has three major functions: Oversight, Strategy, and Expert Counsel. These functions are broken thusly:
3. Expert counsel
The Instructional Technology Governance Council is a senior level governance committee that guides the directions and investments for technology to support the learning enterprise at OSU. It is not intended to be representational of university units. Rather, it is comprised of university leaders who bring broad thinking and represent university interests, guiding investments and future directions.
The work of the committee is currently focused on Learn@OregonState, the ecosystem encompassing learning management, educational content, metrics, and emerging educational technologies. Its purview includes a wider perspective on educational technology, however; and the council may at times consider investments in physical spaces, faculty support and analytics. It also oversees the Learning Technology Innovation Grants. The committee typically meets 1-2 times per quarter.
The Counsel is advisory to Lois Brooks, Vice Provost of Information Services, and through her to Dr. Randhawa.
We're sorry but there currently are no results for your selection. Please try filtering on a different value.
Technology and information, if used strategically and effectively, can amplify and accelerate OSU’s progress toward Strategic Plan 3.0.
The Strategic Investment Plan for the Information Technology Enterprise
There are two core themes to the investment strategy, achieving scale and enabling transformational experiences.
Oregon State University has embraced contemporary approaches for technology; mobile computing and cloud-based services are the norm. This serves OSU’s goals particularly well. Mobile enhancements untether faculty from the teaching podium to engage more directly with learners. Our learners, researchers, instructors, and workers not only gather and share data from our fields, forests, rivers, oceans and atmosphere, we collaborate with our colleagues in real time, be they on or off campus. Cloud services also enable anywhere, any time collaboration and work, providing useful and modern services that enable the learning, research and outreach activities of the OSU community.
As we enter 2016, we must build upon this momentum by creating an environment where each person can assemble a personalized learning and research experience from a well- selected set of tools and services. We will transform the university through a scaled and comprehensive approach that quickens the pace toward success, reducing overall expense and redundant effort even while allowing each person the flexibility to learn, teach, research and engage.
The top trends shaping OSU’s IT investments and priorities are:
We must enable the necessary curricular and co-curricular approaches that allow learners to thrive, learn and graduate. New demographics of learners need more flexibility in pacing and credentialing. Across all forms of learning, data is essential to understand what works, measure progress and improve outcomes.
Past practices for IT services must evolve toward contemporary approaches that support computing on massive and personalized scales. Vast arrays of increasingly smart instrumentation underpin OSU’s natural resources, engineering, science, and human- focused research enterprise, enabling cutting edge research while creating data in massive streams that require ever-increasing computational, storage and network capacities.
Through the private sector, academic partnerships, and university resources, these solutions support new forms of work, research and learning. Regular change and improvement is a hallmark of this new paradigm, enabling (and requiring) that our community quickly and regularly adopt new tools and services.
Cyberthreats are pervasive, threatening the reliability of our systems and data, and posing the risk of harm and loss for the university and the members of our community. It is essential that we remain current with security tools and practices to prevent attacks and loss of data, and the OSU community must be knowledgeable and diligent in protecting their personal and shared resources.
New investments in technology must meet at least one of these criteria:
Each of the following initiatives serve the University’s strategy for meeting the goals identified in Strategic Plan 3.0, and to develop greater accountability and greater efficiencies in institutional and administrative functions. The benefits gained from these initiatives depend on the University’s ability to invest, the capacity to absorb new initiatives, and our community’s willingness to act collectively and purposefully toward common solutions.