ITS Security Standard: Incident Response Program - Definitions
Account - Combination of user name and password that provides an individual with access to a system or network
Application - A software program designed to perform a specific function for one or more users
Approved Reporting Methods - While the preferred method for reporting is abuse@calpoly.edu, to ensure confidentiality, other more secure methods may be used, including contacting the Office of the CIO, Information Security Office, or Service Desk by phone or in person, or submitting a confidential trouble ticket
Auxiliary - Non-State supported and self-support organizations affiliated with Cal Poly
Availability - The need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it
Confidentiality - The need to ensure that information is disclosed only to those who are authorized to view it
Data - Individual facts, statistics or items of information represented in either electronic or non-electronic forms
Enterprise Production Service - Application or system that provides simultaneous services to a large number of users, typically over a network
External or Third Parties - Include, but are not limited to, contractors, service providers, carriers, vendors, and those with special contractual agreements or proposals of understanding with Cal Poly; as well as entities not affiliated with Cal Poly such as Internet Service Providers, government agencies, businesses, and organizations
Incident - Any event, successful or unsuccessful, that threatens or has the potential to negatively impact the confidentiality, integrity or availability of university information assets; an event that results in the unauthorized access, use, disclosure, modification, or destruction of information assets; intentional denial of authorized access; interference with system operations; or inappropriate use of IT resources; any violation of information security or IT related policies or standards may be considered an incident
Information Asset - Information systems, data, and network resources to include automated files and databases
Information Security - Protecting the confidentiality, integrity and availability of information assets from unauthorized access, use, disclosure, disruption, modification or destruction
Information System - A combination of hardware, network and other information technology resources that are used to support applications and/or to process, transmit and store data
Integrity - The need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete
Malicious Software - Software designed to damage or disrupt information assets
Network - A series of points or nodes interconnected by communication paths that can transmit data, voice, or video signals; includes network devices such as routers, switches, wireless access points, firewalls; the transmission method such as fiber optic cable; and any associated transmission capability (bandwidth)
Network, System or Application Administrator (Campus IT Coordinator) - The individual responsible for administering, managing, operating or supporting an application, network, information system or other university information asset
Personally Identifiable Information - Any information that identifies or describes an individual, including but not limited to first name or initial and last name in combination with one or more data elements, such as Social Security number, driver’s license, birth date, account numbers, physical description, address, phone number, financial matters, medical or employment history (California Information Practices Act)
Security Breach - The unauthorized acquisition or disclosure of data that compromises the confidentiality, integrity or availability of personally identifiable information maintained by Cal Poly in an unencrypted form; may require notification to affected users in accordance with applicable laws
Threat - A person or agent that can cause harm to an organization or its resources, including other individuals or malicious software acting on behalf of the original attacker
User - Anyone or any system with access to Cal Poly information assets