A
Account Administrators. Perform the day-to-day work of managing accounts under the guidance of the Account Manager.
Account Disabled. An account is in an unusable state and can only be made usable again through an administrative action.
Account Manager. Account managers maintain accounts. They are delegated custodians of protected data.
Account Owner. An individual with ownership of a digital campus identity and related accesses and resources.
Administrative Account. Accounts given to a user that allow the right to modify the operating system or platform settings or those which allow modifications to other accounts.
Authentication. The process of establishing confidence in the identity of users or information systems.
Authentication Method. The authentication mechanism used at the time of user account log in.
Authorization. Access privileges granted to a user, program, or process or the act of granting those privileges.
Availability. The extent to which information is operational, accessible, functional and usable upon demand by an authorized entity (a system or user).
B
Breach. Acquisition of information by a person without valid authorization, or through unauthorized acquisition.
BYOD. Bring Your Own Device. This refers to the use of personal devices at work.
C
Cloud. A vast network of computer servers located around the globe along with the data, content, applications, databases, and other computing resources that reside on these servers.
Cloud Storage. A model of computer data storage in which the data is stored remotely across multiple physical servers often in multiple physical locations and is accessible through the Internet typically through a cloud storage service provider such as DropBox, Google Drive, or Microsoft OneDrive.
Computer Network Defense. Using defensive measures in order to protect information, information systems, and networks from threats.
Computer Security Incident. A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. A computer security incident is also defined as any event that adversely affects the confidentiality, integrity, or availability of systems and data.
Compromise. A breach of security that can lead to the accidental or unlawful destruction, loss, alteration, unauthorized access to, or disclosure of non-public information and the disruption of university operations.
Confidentiality. The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Control. An action taken to enhance the likelihood that established goals or objectives will be achieved. In the context of IT security, generally an action taken to reduce risk.
Credential. An object that authoritatively binds an identity to a token (i.e. password) possessed and controlled by a person or entity.
Criticality. The degree to which SUNY Brockport depends on the information or information systems for the success of the campus mission or of a campus function.
D
Data Privacy. The protection of personal data from those who should not have access to it and the ability of individuals to determine who can access their personal information.
Default Privileged Accounts. These accounts are provided for a particular system and cannot be removed without affecting the functionality of the system (e.g. root, administrator).
Default Non-Privileged Accounts. Accounts used by people who do not have assigned accounts (guest, anonymous).
E
Electronic Record. Information, evidencing any act, transaction, occurrence, event or other activity, produced or stored by electronic means and capable of being accurately reproduced in forms perceptible by human sensory capabilities.
Emergency Accounts. These accounts are intended for short-term use and include restrictions on creation, point of origin, and usage.
Encryption. A technique used to protect the confidentiality of information. The process transforms ("encrypts") readable information into unintelligible text through an algorithm and associated cryptographic key(s).
Entropy. A measure of the amount of uncertainty that an attacker faces in determining the value of a secret such as a password. Entropy is usually stated in bits.
Entitlement Administrator. Responsible for managing the assignment of rights and privileges to a user or a group.
H
Hashing. Producing hash values for accessing data or for security. Used to verify the authenticity of messages, applications, and data. Hashing is also a technique used to record user passwords for verification by systems without those systems explicitly knowing the original value of that user's password.
I
Impact. The magnitude of harm that could be caused by a threat.
Incident Response. The manual and automated procedures used to respond to reported network intrusions (real or suspected); network failures and errors and other undesirable events.
Individual Account. A unique account issued to a single user. The account enables the user to authenticate with systems using a digital identity. After a user is authenticated, they are authorized or denied access to systems based on the permissions that are assigned to that user.
Information Owner. An individual or organizational unit responsible for making classification and control decisions regarding the use of information.
Information Security. The concepts, techniques, and measures used to protect information from accidental or intentional unauthorized access, modification, destruction, disclosure or temporary or permanent loss.
Integrity. The property that data has not been altered or destroyed from its intended form or content in an unintentional or an unauthorized manner.
L
Least Privilege. Granting users, programs or processes only the access they specifically need to perform their business task and no more.
M
Multi-Factor Authentication. Using more than one of the following factors to authenticate to a system:
- Something you know (i.e. password, PIN)
- Something you have (smart card, one-time password authentication)
- Something you are (fingerprint, retina scan)
P
Password. A string of characters used to verify the identity of a user during the authentication process.
Patch Management. Addressing vulnerabilities by regularly applying updates to software and firmware; this applies to all software used on SUNY Brockport systems.
Penetration Testing. Test of the overall strength of SUNY Brockport's defenses (technology, processes, people) by simulating the objectives and actions of an attacker.
Personal Device. Any device owned by an individual with the ability to process, store, or transmit information.
Personally Identifiable Information (PII). Information that can be used to distinguish or trace an individual's identity, either directly or indirectly through linkages with other information.
Phishing. A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person.
Physical Infrastructure. A generic description of any area containing non-end-user IT equipment and subsidiary hardware, including:
- Mainframes
- Servers
- Communications Equipment
- Printing Facilities
- Media Libraries
- Wiring Closets
Policy. A prescribed or proscribed course of action or behavior which is to be followed with respect to the acquisition, deployment, implementation or use of information technology resources.
Port (Computer Port). A number assigned to communications from various types of applications that assists computers with sending and receiving information to and from those specific applications.
Port Scanning. A common technique that hackers use to discover vulnerable applications and services running on a computer network. During a port scan the attacker attempts to communicate with all the possible applications and services available in order to discover which ones are available, and if they contain any flaws that can be exploited.
Privileged Account. A privileged account is an account which provides increased access and requires additional authorization. Examples include a network, system or security administrator account.
R
Remote Access. The ability to access non-public computing resources from locations other than SUNY Brockport's internal network.
Retention (Data Retention). Policies and procedures related to identifying what data should be stored or archived, where that should happen and for exactly how long for legal compliance, business continuity, historical or cultural preservation and data analytics.
Residual Risk. The remaining potential risks after all IT security measures are applied.
Risk Assessment. The process of identifying threats to information or information systems, determining the likelihood of occurrence of the threat, and identifying system vulnerabilities that could be exploited by the threat.
Risk Management. A process that includes taking actions to assess risk and avoid or reduce risk to acceptable levels.
S
Security (information security). The processes and tools designed and deployed to protect sensitive information from modification, disruption, destruction, and inspection.
Security Event. Any observable occurrence or activity that impacts the security of information and information systems.
Security Incident. A confirmed or suspected security breach that requires a response.
Sensitivity Level. A measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection.
Sensitive Information. Any data that must be protected from unauthorized access to safeguard the privacy or security of an individual or the university.
Service Accounts. An account which is not intended to be given to a user but is provided for a computer process. Typically this account type is used to run batch jobs or start services independent of user interaction.
Shared Account. A shared account is any account where more than one person knows the password and/or uses the same authentication token.
Significant Change. Includes but is not limited to:
- Adding/deleting/modifying features or functionality of existing systems
- Substantial redesign of the existing system or environment
- Other modifications that could substantially affect the system security
Exclusions include, but are not limited to:
- Changes in wording, adding links to an outside site, adding a document to a web site
- Installing vendor supplied security patches to the underlying software or operating system
- Uploading data into a database
Standard. Sets of rules for implementing policy. Standards make specific mention of technologies, methodologies, implementation procedures and other detail factors.
System. An interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, applications, and communications.
T
Temporary Accounts. These accounts are intended for short-term use, include restrictions on creation, point of origin, and usage, and must have start and stop dates.
Threat. A potential circumstance, entity or event capable of exploiting a vulnerability and causing harm. Threats can come from natural causes, human actions, or environmental conditions. A threat does not present a risk when there is no vulnerability.
U
Unauthorized Disclosure. When personally identifiable information is made available to a third party who does not have legal authority to access the information.
University Data. Data that is collected, accessed, stored or transmitted by university employees or partners.
V
Virtual Private Network (VPN). A service used for extending access to the internal university network across multiple other networks. Commonly used by community members working remotely to access specific internal campus resources.
Vulnerability. A weakness that can be accidentally triggered or intentionally exploited.
W
Wireless Technology. Technology that permits the transfer of information between separate points without physical connection. Currently wireless technologies use infrared, acoustic, radio frequency, and optical.