Glossary of Terms - Information Security and Related Policy

  1. Acceptable Use - The proper and appropriate use of the University’s Electronic Resources in support of the teaching, learning, research and service missions of the University. 
  2. Access Control - The mechanism for limiting access to Information Resources to those users who are entitled to them.[1]
  3. Account - An identification used by a person to access a computer, network, or electronic service. It comprises a username, a password and information related to the user.
  4. Availability - Ensuring timely and reliable access to and use of information. The loss of availability is the disruption of access to or use of information or an information system.[2]
  5. Confidential Information - Sensitive, high-risk information about an individual or the University including, but not limited to, student academic history, student discipline, student financial records, social security numbers, employment and benefit information, alumni giving, research information, user passwords, privileged communications, etc.
  6. Confidentiality - Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and personal information; the loss of confidentiality is the unauthorized disclosure of information.[2]
  7. Critical Hosts - Servers that house Confidential or Sensitive data as defined by the University’s Data Classification policy. These servers must be administered by OIT or by OIT-approved vendors.
  8. Data Classification - The conscious decision to assign a level of sensitivity to data as it is created, amended, enhanced, stored, or transmitted.[3] 
  9. Data Integrity - The correctness, completeness and validity of the information maintained by the University.
  10. Data Security Officer - The individual who is responsible for the authorization and auditing of access to University data that resides in the University’s information systems, whether the data resides on premises or in a third-party hosted environment. The Security Officer works closely with the Data Steward in authorizing access to data.
  11. Data Steward - The individual who is responsible for the accuracy, integrity, consistency and relevancy of specific information within their assigned areas. The steward may be responsible for data managed and stored within a specific module of the Banner information system, the Library system, the learning management system, the University’s information portal and its specific channel content, University web sites, or any other system that houses University data, irrespective of whether the data resides on premises or in a third-party hosted environment.
  12. Disaster Recovery - The ability of the University to respond to a disaster or an interruption of services by implementing a Disaster Recovery plan to stabilize and restore the critical functions.[1]
  13. Identity and Access Management (IAM) - The management of user identities within the University, including the management of accounts, roles and privileges assigned to users. IAM defines boundaries for the use of University electronic resources such as computers, software, operating systems, networks, electronic mail services, storage media, internet browsing and file transfer protocol.
  14. Information Resources - Data in any form, whether recorded on any media or in transit, owned or controlled by, licensed to, or in the possession of the University, as well as any hardware, software, systems, platforms, sites, applications, networks, devices, equipment and facilities owned or operated by the University or that are provided by third parties to or for the benefit of the University or its Users.
  15. Information Security - The safeguarding of all University Information, electronic or otherwise, and the resources used to capture and manage that information.[4]
  16. Information Security Officer - The individual or individuals responsible for the oversight of Information Security at the University. The responsibility includes monitoring compliance with the University’s information security policies and procedures, making recommendations for improved security and monitoring the occurrence of Security Incidents. The Information Security Officers at the University are the Information Technology Executive Management team, which reports to the Vice President of Financial Affairs.
  17. Integrity - Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity; the loss of integrity is the unauthorized modification or destruction of information.[2]
  18. Privacy - The freedom from unauthorized intrusion.[5] 
  19. Security Incident - An event that occurs when an individual accesses an Information Resource in violation of this policy or in violation of applicable law.  The incident may impact or interrupt services, and in some cases may lead to disaster.[6]
  20. Sensitive Information - All data that is not defined as unrestricted or confidential.  In the conduct of University business, this data may be accessed by anyone employed by or working under contract for the University.
  21. System Administrator - Personnel employed by the Office of Information Technology (OIT) or an OIT-approved vendor who operate and manage Information Resources in compliance with all relevant University policies.
  22. Unit - A University division, department, program, research center, service center or other operating unit.
  23. Unit Head - The individual charged with the administrative responsibility for an organizational unit or department.
  24. Unrestricted Information - Information that is generally available and open to the public including information found on the University external web sites such as faculty and staff names, titles, department information, work phones, class schedules, etc.
  25. User - Any individual who makes use of an Account to access the University’s network services or Information Resources including students, faculty, staff, alumni and guests.
  26. Vulnerability - A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.[4]
 

Created: Mon 5/6/19 10:11 AM
Modified: Mon 5/6/19 10:16 AM