OU-Tulsa Information Security
OU-Tulsa Information Security Program Charter
Our Mission, Goals, and Services
OU-Tulsa Organization
All members of the OU-Tulsa community share in the responsibility for protecting OU-Tulsa information resources. The OU-Tulsa Information Security Program forms relationships with OU-Tulsa community members to achieve information security goals and objectives. The OU-Tulsa information security program is integrated within the OU-Tulsa IT team and aligned with OUHSC Information Security Services and OU-Norman Information Security.
OU-Tulsa Information Security Mission
In the course of carrying out its academic, research and clinical missions, faculty, staff and students at OU-Tulsa collect many different types of information, including financial, academic, medical, human resources and other personal information. OU-Tulsa values the ability to communicate and share information appropriately. Such information is an important resource of OU-Tulsa and any person who uses information collected by OU-Tulsa has a responsibility to maintain and protect this resource.
Federal and state laws and regulations, as well as industry standards, also impose obligations on OU-Tulsa to protect the confidentiality, integrity and availability of information relating to faculty, staff, students, research subjects and patients.
The mission of the OU-Tulsa Information Security Program is to protect the confidentiality, integrity and availability of this data in partnership with OUHSC Information Security Services and OU-Norman Information Security.
- Confidentiality means that information is only accessible to authorized users.
- Integrity means safeguarding the accuracy and completeness of data and processing methods.
- Availability means ensuring that authorized users have access to data and associated information resources when required.
OU-Tulsa Information Security Program Services
To enable compliance and protection of OU-Tulsa information resources the information security program will:
1. Work in partnership with OUHSC Information Security Services and OU-Norman Information Security to grow and sustain the following services:
Information security policy and standards management that ensures the consistent protection of information security controls throughout OU-Tulsa.
Information risk management to classify critical information assets, assess information security risks within the OU-Tulsa information technology environment and OU-Tulsa third party service relationships, and recommend effective and economical strategies to manage the risks associated with these critical OU-Tulsa information assets.
Information security monitoring, in cooperation with OU IT functional teams, to identify vulnerabilities and threats within the OU-Tulsa environment and make recommendations to address those threats and vulnerabilities.
Investigations of information security incidents and concerns that could impact OU operations or reputation, and make recommendations to mitigate risk to OU-Tulsa information resources.
Information security awareness through various methods and techniques to enable a risk aware culture that will collectively with the OU-Tulsa Organization protect OU-Tulsa information resources and reputation.
2. Serve on university committees and workgroups to support the goals and objectives of the OU information security program(s).
3. Sustain a relationship with OU Security and Compliance and OU Internal Audit to enable an effective information security compliance program to ensure that OU-Tulsa meets or exceeds established OU Information Security Policy and Standards, and external regulations and industry standards.
