Overview

Oakland University classifies its information assets into risk-based categories for the purpose of determining who is allowed to access the information and what security precautions must be taken to protect it against unauthorized access.

Risk-based categories are based on the following Data Classifications as identified in University Policy 860 Data Management and Information Security.

• Confidential Data: Data that are specifically restricted from open disclosure to the public by law are classified as Confidential Data.

• Operation Critical Data: Data determined to be critical and essential to the successful operation of the University as a whole, and whose loss or corruption would cause a severe detrimental impact to continued operations

• Unrestricted Data: Information that may be released or shared as needed.

In addition to the classification of the data in use a number of other factors contribute risk. These include:

• Data Quantity: Data sets comprised of multiple records typically pose greater risk than an individual record
• Exposure Factor: Public facing systems typically are more exposed to attackers than systems that only accessible on-campus

University Risk Categories

University Risk Classification Examples