Information Security Glossary


Account Disabled. An account that is in an unusable state and can only be made usable again through an administrative action.

Account Manager. Account managers maintain accounts. They are delegated custodians of protected data. 

Account Administrators. Perform the day-to-day work of managing accounts under the guidance of the Account Manager. 

Administrative Account. An account that grants a user the right to modify operating system or platform settings, or to modify other accounts.

Authentication. The process of establishing confidence in the identity of users or information systems. 

Authentication Method. The authentication mechanism used at the time of user account login. 

Authorization. Access privileges granted to a user, program, or process or the act of granting those privileges. 

Availability. The extent to which information is operational, accessible, functional and usable upon demand by an authorized entity (a system or user). 

Breach. The acquisition of information by a person without valid authorization, or through unauthorized means.

BYOD. Bring Your Own Device. This refers to the use of personal devices at work. 

Computer Network Defense. Using defensive measures in order to protect information, information systems, and networks from threats. 

Computer Security Incident. A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. A computer security incident is also defined as any event that adversely affects the confidentiality, integrity, or availability of systems and data.

Confidentiality. The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

Control. An action taken to enhance the likelihood that established goals or objectives will be achieved. In the context of IT security, generally an action taken to reduce risk.

Credential. An object that authoritatively binds an identity to a token (e.g. a password) possessed and controlled by a person or entity.

Criticality. The degree to which SUNY Brockport depends on the information or information systems for the success of the campus mission or of a campus function.

Default Privileged Accounts. Accounts that are provided with a particular system and cannot be removed without affecting the functionality of the system (e.g. root, administrator).

Default Non-Privileged Accounts. Accounts used by people who do not have assigned accounts (guest, anonymous). 

Electronic Record. Information, evidencing any act, transaction, occurrence, event or other activity, produced or stored by electronic means and capable of being accurately reproduced in forms perceptible by human sensory capabilities.

Emergency Accounts. These accounts are intended for short-term use and include restrictions on creation, point of origin, and usage.

Encryption. A technique used to protect the confidentiality of information. The process transforms ("encrypts") readable information into unintelligible text through an algorithm and associated cryptographic key(s). 

Entropy. A measure of the amount of uncertainty that an attacker faces in determining the value of a secret such as a password. Entropy is usually stated in bits.

Entitlement Administrator. Responsible for managing the assignment of rights and privileges to a user or a group.

Hashing. Producing hash values for accessing data or for security. Used to verify the authenticity of messages, applications, and data. Hashing is also a technique used to record user passwords for verification by systems without those systems explicitly knowing the original value of that user's password. 

Impact. The magnitude of harm that could be caused by a threat. 

Incident Response. The manual and automated procedures used to respond to reported network intrusions (real or suspected), network failures and errors, and other undesirable events.

Individual Account. A unique account issued to a single user. The account enables the user to authenticate with systems using a digital identity. After a user is authenticated, they are authorized or denied access to systems based on the permissions that are assigned to that user. 

Information Owner. An individual or organizational unit responsible for making classification and control decisions regarding the use of information.

Information Security. The concepts, techniques, and measures used to protect information from accidental or intentional unauthorized access, modification, destruction, disclosure or temporary or permanent loss. 

Integrity. The property that data has not been altered or destroyed from its intended form or content in an unintentional or an unauthorized manner. 

Least Privilege. Granting users, programs or processes only the access they specifically need to perform their business task and no more. 

Multi-Factor Authentication. Using more than one of the following factors to authenticate to a system:

  • Something you know (e.g. password, PIN)
  • Something you have (e.g. smart card, one-time password token)
  • Something you are (e.g. fingerprint, retina scan)

Patch Management. Addressing vulnerabilities by regularly applying updates to software and firmware. Patch management applies to all software used on SUNY Brockport systems.

Penetration Testing. Test of the overall strength of SUNY Brockport's defenses (technology, processes, people) by simulating the objectives and actions of an attacker.

Phishing. A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person. 

Physical Infrastructure. A generic description of any area containing non-end-user IT equipment and subsidiary hardware, including:

  • Mainframes
  • Servers
  • Communications Equipment 
  • Printing Facilities
  • Media Libraries 
  • Wiring Closets

Policy. A prescribed or proscribed course of action or behavior which is to be followed with respect to the acquisition, deployment, implementation or use of information technology resources. 

Privileged Account. A privileged account is an account which provides increased access and requires additional authorization. Examples include a network, system or security administrator account. 

Remote Access. The ability to access non-public computing resources from locations other than SUNY Brockport's internal network.

Residual Risk. The remaining potential risks after all IT security measures are applied. 

Risk Assessment. The process of identifying threats to information or information systems, determining the likelihood of occurrence of each threat, and identifying system vulnerabilities that could be exploited by the threat.

Risk Management. A process that includes taking actions to assess risk and avoid or reduce risk to acceptable levels. 

Sensitivity Level. A measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection. 

Service Accounts. Accounts that are not intended to be given to a user but are provided for a computer process. Typically this account type is used to run batch jobs or start services independent of user interaction.

Shared Account. A shared account is any account where more than one person knows the password and/or uses the same authentication token.

Significant Change. Includes, but is not limited to:

  1. Adding, deleting or modifying features or functionality of existing systems
  2. Substantial redesign of the existing system or environment
  3. Other modifications that could substantially affect the system's security

Exclusions include, but are not limited to:

  1. Changes in wording, adding links to an outside site, adding a document to a web site
  2. Installing vendor-supplied security patches to the underlying software or operating system
  3. Uploading data into a database

Standard. Sets of rules for implementing policy. Standards make specific mention of technologies, methodologies, implementation procedures and other detail factors. 

System. An interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, applications, and communications. 

Temporary Accounts. These accounts are intended for short-term use, include restrictions on creation, point of origin and usage, and must have start and stop dates.

Threat. A potential circumstance, entity or event capable of exploiting a vulnerability and causing harm. Threats can come from natural causes, human actions, or environmental conditions. A threat does not present a risk when there is no vulnerability.

Vulnerability. A weakness that can be accidentally triggered or intentionally exploited.

Wireless Technology. Technology that permits the transfer of information between separate points without a physical connection. Current wireless technologies use infrared, acoustic, radio frequency, and optical transmission.


Article ID: 136457
Created: Thu 10/28/21 10:06 AM
Modified: Wed 11/24/21 8:20 AM
