Oregon State University

201: Information Systems Security - General

Information Security Policies & Procedures Manual
Section 200: Information Systems Security
Effective: 01/11/2010


The purpose of this section is to define in general terms what is meant by Information Systems Security and to set forth the University’s commitment to create and maintain an Information Security Program.


Information Systems are composed of three major components: data, applications, and infrastructure systems.  All three must be addressed in order to ensure overall security of these assets.

Information Security Program

OSU hereby establishes an Information Security Program by adopting and documenting within this Information Security Manual, policies, procedures, security controls, and standards which govern Information Systems including data, applications, and infrastructure systems as those assets are classified according to their relative sensitivity and criticality.  This program should ensure that fundamental security principles, such as those embodied in the ISO 27000 series standards or those generally incorporated into the COBIT framework, are established and maintained.

The foundation of this Information Security Program will be the established information classification system and baseline standards of care established in this manual; however, for these to be effective all three aspects of information systems must be addressed.  This is not just about data, it is also about how data are stored and processed.

Contact Info

Site Maintained by: Office of Human Resources
Oregon State University, Corvallis, OR 97331
Contact us with your comments, questions and feedback
Copyright © 2009 Oregon State University | Disclaimer
Copyright ©  2014 Oregon State University