Information Security Glossary
Stands for the Association of Accounting Technicians. Membership entitles those who have completed the examinations and obtained relevant supervised work experience to call themselves associate accounting technicians.
The definition of an individual's relationship to the University, such as student, faculty, or staff
A term used by telecommunications professionals to describe two directory numbers going to a single voicemail box.
Software that detects or prevents malicious software.
A software program designed to perform a specific function for a user. Applications include, but are not limited to, word processors, database programs, development tools, image editing programs, and communication programs.
The process of confirming that a known individual is correctly associated with a given electronic credential; for example, by use of passwords to confirm correct association with a user or account name (is a term that is also used to verify the identity of network nodes, programs, or messages).
The process of determining whether or not an identified individual or class has been granted access rights to an information assets, determining what type of access is allowed; e.g., read-only, create, delete, and/or modify.
Ensuring that information assets are available and ready for use when they are needed.
An instrument intended to validate the identity of an individual through comparison of a demonstrated intrinsic physical or behavioral trait with a record of the same information previously captured. For example; fingerprint, retina scan, voice recognition.
An application white listing program protects desktop computers by comparing any request to install software against a list of known good applications.
The Google Apps blog creation program
Business Continuity Planning
See CSU BCP Executive Order.
Change Action Board (CAB) that oversees major technology changes that impact campus services.
Campus Limited Access Area
Physical area such as a human resource office, data center, or Network Operations Center (NOC) that has a defined security perimeter that has a card controlled entry door or a staffed reception desk.
Responsible for (1) specifying and monitoring the integrity and security of information assets and the use of those assets within their areas of program responsibility and (2) ensuring that program staff and other users of the information asset are informed of and carry out information security and privacy responsibilities.
An event that causes substantial harm or damage to significant CSU information assets. For example: earthquake, fire, extended power outage, equipment failure, or a significant computer virus outbreak.
The official, public CSU, Chico Website at www.csuchico.edu
PeopleSoft CFS is the financial application element of the Common Management System implemented by the CSU to manage University financial systems
Common Management Systems (CMS) is a mandated CSU initiative to improve services through integrated administrative systems for human resources, financials and student information.
Computer Security Incident Response Team (CSIRT)
The name given to the team that handles security incidents.
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information [44 U.S.C, SEC. 3542].
Countermeasures (administrative, physical, and technical) used to manage risks.
The term used by GMail to describe a series of e-mails with the same subject line between two or more individuals
An asset that is so important to the campus that its loss or unavailability is unacceptable.
Any CSU administratively controlled communications network that is within the CSU managed physical space. Such networks may interconnect with other networks or contain sub networks.
A set of predefined, interactive reports in OBI.
A centralized store of information about data such as its meaning, relationships to other data, origin, usage, and format.
Individual facts, statistics, or items of information represented in either electronic or non-electronic forms.
A facility used to house information processing or telecommunications equipment that handle protected or critical information assets.
A data mart is a subset of a data warehouse that is intended for use by a specific team or line-of-business unit. CSU, Chico data marts contain subject areas, dashboards, and reports pertaining to a specific subset of data.
Person identified by law, contract, or policy with responsibility for granting access to and ensuring appropriate controls are in place to protect information assets. The duties include but are not limited to classifying, defining controls, authorizing access, monitoring compliance with CSU/campus security policies and standards, and identifying the level of acceptable risk for the information asset. A Data Owner is usually a member of management, in charge of a specific business unit, and is ultimately responsible for the protection and use of information within that unit.
(also known as “Data Custodian”) An individual who is responsible for the maintenance and protection of the data. The duties include but are not limited to performing regular backups of the data, implementing security mechanisms, periodically validating the integrity of the data, restoring data from backup media, and fulfilling the requirements specified in CSU campus security policies and standards.
DMZ (De-Militarized Zone) is a set of one or more information assets logically located outside of a protected network that is accessible from the Internet (open to the world) with limited controlled data exchanges with the protected environment.
The Domain Name System (DNS) is the naming system for computers, services, and other resources connected to the Internet or a private network. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
The Degree Progress Report for Students is a comprehensive academic audit that matches a student’s academic history with his/her degree requirements. It can be accessed through Faculty Center and Student Center.
An application published by Adobe Systems that can be used to generate web pages
Electronic or optical data storage media or devices that include, but are not limited to, the following: magnetic disks, CDs, DVDs, flash drives, memory sticks, and tapes.
The process of encoding data so that it can be read only by the sender and the intended recipient. Encryption is the standard approach to protecting confidential information from unauthorized viewing by humans or computers.
An agreed to secure means of data transmission over a network (wired or wireless).
Assignment of a single individual to overlapping administrative or management job functions for a critical information asset without appropriate compensating controls such as added reviews or logging.
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. The law applies to all schools receiving public funds under an applicable program of the US Department of Education.
A firewall is a hardware or software network security device that sits between two networks - one of which is usually the Internet - to control what information is allowed to pass between those networks.
Your free/busy time shows people if you are available when they invite you to a meeting. They can't see what you are doing, only whether you are free or busy.
Global Address List
A list of all CSU, Chico e-mail addresses on the mail system.
Google's web-based e-mail system, adopted campus-wide at CSU, Chico.
CSU, Chico uses and supports a number of Google applications, or Apps: GMail, Google Calendar, Google Groups, Google Docs, Blogger, and Google Sites. All are accessible through the GMail interface.
Google Apps Sync
A plug-in for Microsoft Outlook that allows you to access your Google Apps mail, calendar, and contacts from within Outlook.
An online tool to create and share work online. Part of Google Apps.
The Google Apps implementation of a mailing list enables users to establish lists of recipients for different types of communications with different access/privacy levels.
A Google Apps program that can be used to generate small personal websites. May not be used to generate CSU Chico instructional sites.
A defensive strategy to protect against attacks by removing vulnerable and unnecessary services, patching security holes, and securing access controls.
Physical devices including, but is not limited to, portable and non-portable workstations, laptops, servers, copiers, printers, faxes, and PDAs.
Human Capital Management is the PeopleSoft application used by CSU, Chico as part of the Common Management System to manage personnel and other human resources-related functions.
Short for Independent Computing Architecture, ICA is a protocol designed specifically for transmitting Windows graphical display data as well as keyboard and mouse input over a network. It's used by Citrix in the program you download to your local PC in order to access VLab.
The system that reconciles and maintains information about people and their relationship to the University and makes this information available to other systems.
Identity and access management - the management of individual identifiers, their authentication, authorization, and privileges with or across system and enterprise boundaries. The goal is to increase security and productivity while decreasing cost, downtime, and repetitive tasks.
Information systems, data, and network resources to include automated files and databases.
Information Security Program
An organizational effort that includes, but is not limited: to security policies, standards, procedures, and guidelines plus administrative, physical, and technical controls. The effort may be implemented in either a centralized or a decentralized manner.
A combination of hardware, network and other resources that are used to support applications and/or to process, transmit and store data.
Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. [44 U.S.C., SEC. 3542]
Instance management is the term used by PeopleSoft applications to describe the different databases available to the system and their use, enabling users to choose the most appropriate database for their requirements.
The Internet Protocol (IP) is the principal communications protocol used for relaying information across the Internet. To enable information to reach its destination, every computer connected to the Internet has a unique IP address.
An ITC, or Information Technology Consultant, is a member of the IT Services department with responsibility for a specific department.
Information Technology Support Services is the over-arching name for the Desktop Management, Help Desk, and Technology Shop teams. They are located in MLIB 142 and can be reached at 898-4357.
Each department has a Key Advisor, who is the department's primary point of contact for Telecommunication & Network Service needs (phone and network). This person is authorized to make additions, changes, and deletions to these services for your department. If your Key Advisor is unavailable and you have an urgent need, please obtain authorization from your Department Dean, Chair or Director.
Similar to tagging in social networks, a label is the function you use in GMail to categorize a message. Unlike folder storage, messages can have multiple tags.
A concept of information security by which users and their associated applications execute with the minimum amount of access required to perform their assigned duty or task.
Level 1 Protected Data
Level 1 data, sometimes also referred to as Level 1 protected data, is confidential information that is in most cases protected by statutes, regulations, or other legal mandates. Level 1 data includes PII (social security numbers, credit card numbers, driver’s license numbers, etc) as well as medical records, passwords, and sealed bids.
Level 2 Private Data
Level 2 data is information which could raise ethical or other privacy concerns if shared with individuals or entities that do not have the legal right to require sight of such information. Examples include FERPA protected student grade data and disciplinary action records, as well as employee personal information such as home address and telephone number.
Level 3 Public Data
This information is regarded as publicly available. These data values are either explicitly defined as public information (e.g. state employee salary ranges, intended to be readily available to individuals both on- and off- campus (e.g., an employee's work e-mail addresses), or not specificually classified elsewhere in the protected data classification standard.
Publicly available data may still subject to appropriate campus review or disclosure procedures to mitigate potential risks of inappropriate disclosure.
The connection of one device or system to another through the use of software.
The amount of time for which logins to an account are disabled. Usually invoked once a threshold of invalid login attempts has been reached
Software designed to damage or disrupts information assets.
Short for malicious software, malware is a generic term for any type of software designed to do damage to or otherwise adversely affect the integrity of a computer system and/or the data stored on that system
Devices containing electronic CSU data which are easily transported. Such devices include, but are not limited to: laptop computers, personal digital assistants (PDAs), and “smart” phones.
MySQL is a commonly-used database system that's often combined for web use with the widely-used PHP scripting language.
Network Address Translation (NAT)
Network Address Translation (NAT) is usually implemented to enable multiple hosts on a private network to access the Internet using a single public IP address. It can pose significant security risks and so systems running NAT are not permitted to connect to the HSU wireless network.
Resources that include, but are not limited to: network devices (such as routers and switches), communication links, and network bandwidth.
Nolij is a data management system that enables PeopleSoft users to save time and improve efficiency by automating manual business processes.
A service or information intended only for the internal use of the organization.
Specific items of personal information identified in California Civil Code Sections 1798.29 and 1798.3.
OBI, or Oracle Business Intelligence, is the reporting and analysis tool used to extract information from the PeopleSoft databases.
Software that is primarily or entirely concerned with controlling a computer and its associated hardware, rather than with processing work for users.
The P2P (peer-to-peer) application structure was popularized by file sharing systems like Napster. In P2P networks, peers are both suppliers and consumers of resources, unlike the traditional client–server model where only servers supply (send) and clients consume (receive).
The installation of a software update designed to fix problems, improve usability, or enhance performance.
The peer-to-peer (P2P) application structure was popularized by file sharing systems like Napster. In P2P networks, peers are both suppliers and consumers of resources, unlike the traditional client–server model where only servers supply (send), and clients consume (receive).
Personally Identifiable Information
Any information that identifies or describes an individual, including, but not limited to name, Social Security number, physical description, address, phone number, financial matters, medical or employment history (California Information Practices Act).
Sometimes referred to as social engineering, phishing is an attempt to get computer users to provide valuable information, particularly user names and passwords, by providing a convincing-looking but false context such as a recreation of a bank's login page or email.
Being able to physically touch, use, and interact with information systems and network devices.
PII, or Personally Identifiable Information, is information about an individual that can be used to facilitate identity theft. It includes social security numbers, driver’s license numbers, and credit card numbers. The CSU has classified PII as Level 1 Data.
The Policy Key is a small piece of software installed on end user computers as part of our Network Access Control system. Its role is to ensure that those computers meet CSU, Chico security requirements whenever they connect to the Internet using the CSU, Chico wireless network or ResNet.
In Google Apps, your primary calendar is the one created by default. By default, it's your CSU Chico e-mail address.
Information asset containing protected data.
Level 1 and Level 2 data which are defined in the CSU Data Classification Standard. This data has been categorized according to its risk to loss or harm from disclosure.
The Project Sponsor defines the project objectives, has the authority to commit financial and human resources, and evaluates the results.
Proxy systems were developed in the early days of distributed systems as a way to simplify and control complexity. Today, most proxies are used to filter and manage access to content on the World Wide Web.
Any information prepared, owned, used or retained by a campus and not specifically exempt from disclosure requirements of the California Public Records Act (Government Code Sections 6250-6265) or other applicable state or federal laws.
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to another computer. Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, Mac OS X, and Android.
Deleting the partition and creating a new partition or using “Ghost” or another sector-based imaging program.
Any connection from an external, non-campus network to any campus information system, data, or network resource.
The network in the halls of residence, which is separate from the campus business network.There is also a ResNet wireless network. More details on the ResNet website at http://www.csuchico.edu/resnet.
RFB (remote frame buffer) is a simple protocol for remote access to graphical user interfaces. It can be used with any windowing system or application, including Windows and Macintosh.
The likelihood of a given threat exercising a particular potential vulnerability, and the resulting impact of that adverse event on an organization.
A process by which quantitatively and/or qualitatively, risks are identified and the impacts of those risks are determined. The initial step of risk management.
A structured process which identifies risks, prioritizes them, and then manages them to appropriate and reasonable levels.
Reduce the adverse effect of an event by reducing the probability of the event occurring and/or limiting the impact of the event if it does occur
Awareness of security and controls, in non-technical terms, conveyed to motivate and educate users about important security protections that they can either directly control or be subjected to.
Removing drive media from enclosures and utilizing the campus-approved secure destruction contract
An event that results in any of the following:
Unauthorized access or modification to the CSU information assets. An intentional denial of authorized access to the CSU information assets. Inappropriate use of the CSU’s information systems or network resources. The attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations.
A room or other enclosed space with controlled access or a locked cabinet
Specific technical understanding of how to secure the confidentiality, integrity and availability of applications, operating systems and information assets to prevent or detect security incidents
System Administrator (also known as “System Personnel” or “Service Providers”)
Individuals, who manage, operate, support campus information systems; or manage networks.
Secure File Transfer Protocol is a way to transfer a file over an Internet connection directly from one computer to another that's safer and more secure than attaching it to an e-mail message. It's particularly appropriate for large files and for executable program files that CSU, Chico does not permit to be sent via e-mail.
Smart Classrooms are classrooms equipped with a wide range of instructional technologies to enhance students' learning experience.
In the context of the voicemail system, a privilege level that permits the recording of call processor messages. In the context of an ITS project, the name of the individual authorizing the submission of the project proposal.
For the purposes of the CSU Security Program, third parties include, but are not limited to, contractors, service providers, vendors, and those with special contractual agreements or proposals of understanding.
A person or agent that can cause harm to an organization or its resources. The agent may include other individuals or software (e.g. worms, viruses) acting on behalf of the original attacker.
Turning Point is the system, distributed by Turning Technology, that's used in Smart Classrooms to incorporate interactivity into instructional sessions. Each installation comprises a receiver and hand-held devices ('clickers').
Anyone or any system which accesses the CSU information assets. Individuals who need and use University data as part of their assigned duties or in fulfillment of assigned roles or functions within the University community. Individuals who are given access to sensitive data have a position of special trust and as such are responsible for protecting the security and integrity of those data.
Often used interchangeably with malware, a virus is a piece of software designed to do damage to or otherwise adversely affect the integrity of a computer system and/or the data stored on that system. Strictly-speaking a virus, unlike other types of malware, can spread of its own accord without requiring human intervention.
The CSU, Chico VLab (Virtual Lab) is an online service that enables students, staff, and faculty to access on-campus software when they're away from campus or can't get access to a physical lab when they need it.
Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the RFB (remote frame buffer) protocol to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network.
A virtual private network (VPN) enables users to privately and securely share information between remote locations, or between a remote location and an organization's internal network.
A flaw within an environment which can be exploited to cause harm.
Use of a NIST or DoD 53330.22M approved method such as three-pass wipes, DBAN, degaussing to NIST standards, or firmware-based purge.
WPA2 is the primary encryption standard used for wireless communications; it requires testing and certification by the Wi-Fi Alliance. Since March 13, 2006, WPA2 certification has been mandatory for any new device to bear the Wi-Fi trademark
Is essentially the technical term for wi-fi. It is a set of standards that govern wireless networking transmission methods used to provide wireless connectivity in the home, office and some commercial establishments.