Definitions

Information Security is protecting the confidentiality, integrity and availability of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

Availability is the need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it.

Confidential Data - Also referred to as "protected", "sensitive", and "level 1" is information whose unauthorized disclosure, compromise or destruction would result in severe damage to Cal Poly, its students, or employees. Financial loss, damage to Cal Poly’s reputation, and possible legal action could occur. Level 1 information is intended solely for use by Cal Poly employees, its auxiliary employees, contractors, and vendors covered by a confidentiality-security agreement with a business need-to-know. Statutes, regulation, other legal obligations or mandates protect much of this information. Disclosure of Level 1 information to persons outside of the University is governed by specific standards and controls designed to protect the information. The Information Classification and Handling Standard contains a comprehensive list of level1 data.

Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.

Guidelines are recommended or suggested actions that can supplement an existing standard or provide guidance where no standard exists. They may or may not be technology agnostic.

Integrity is the need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete.

Open Wi-Fi - Also called "hotspots" refers to a wireless network access point that is NOT secure.

Password Vault - Also called a "password safe" is a software program that stores passwords and login information securely in a single location.

Policies are high-level statements of principle, equivalent to organizational law, that provide technology agnostic scope and direction to the campus community.

Practices consist of one or more series of interrelated steps to be taken to achieve a specific goal designed to implement a policy, standard or guideline. They are detailed descriptions that may use specific technologies, instructions and forms to facilitate completing the process.

Standards establish specific criteria and minimum baseline requirements or levels that must be met to comply with policy. They are typically technology agnostic and they provide a basis for verifying compliance through audits and assessments.

Trusted Network is a network that has a secured infrastructure (which includes encryption for wireless, WPA-2), and you trust the people that may be using it with you.

 

CSU Security Policy Glossary

 

SANS- Glossary of Security Terms

 

 

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips