Security Risk Classification

Summary

A guide to the security risk classifications.

Body

Oakland University classifies its information assets into risk-based categories for the purpose of determining who is allowed to access the information and what security precautions must be taken to protect it against unauthorized access.

Risk-based categories are based on the following Data Classifications as identified in University Policy 860 Data Management and Information Security.

Confidential Data: Data that are specifically restricted from open disclosure to the public by law are classified as Confidential Data.
Operation Critical Data: Data determined to be critical and essential to the successful operation of the University as a whole, and whose loss or corruption would cause a severe detrimental impact to continued operations
Unrestricted Data: Information that may be released or shared as needed.

In addition to the classification of the data in use a number of other factors contribute risk. These include:

Data Quantity: Data sets comprised of multiple records typically pose greater risk than an individual record
Exposure Factor: Public facing systems typically are more exposed to attackers than systems that only accessible on-campus

University Risk Categories

Table titled "Oakland University Risk Categories," with columns for Low, Medium, and High Risk. Describes criteria for data risk levels related to confidentiality and impact.

University Risk Classification Examples

"Oakland University Risk Classification table showing three categories: Low, Medium, and High. The table lists examples of information types and their associated risk levels. Low risk includes public information like campus maps. Medium risk includes student records, while high risk involves sensitive data such as health and financial information."

Details

Article ID: 353

Created

Tue 4/8/25 11:57 AM

Modified

Tue 10/21/25 4:11 PM