Confidentiality—“Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…”
A loss of confidentiality is the unauthorized disclosure of information.
Integrity—“Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…”
A loss of integrity is the unauthorized modification or destruction of information.
Availability-—“Ensuring timely and reliable access to and use of information…”
A loss of availability is the disruption of access to or use of information or an information system.
Risk Assessment is a process which determines what information technology resources exist that require protection, and to understand and document potential risks from IT security failures that may cause loss of information confidentiality, integrity, or availability.
Control Activities are the policies, procedures, techniques, and mechanisms that help ensure that management's response to reduce risks identified during the risk assessment process is carried out.
Information Assets—Definable pieces of information in any form, recorded or stored on any media that is recognized as “valuable” to the University.
Access Control refers to the process of controlling access to systems, networks, and information based on business and security requirements.
ISO (International Organization for Standardization)—An international-standard-setting body composed of representatives from various national standards organizations.
NIST (National Institute of Standards and Technology)—A non-regulatory federal agency within the U.S. Department of Commerce whose mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
VPN (Virtual Private Network)—A network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to the University’s network. VPN’s use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
IDS (Intrusion Detection System)—A device (or application) that monitors network and/or system activities for malicious activities or policy violations.
IPS (Intrusion Prevention System)—A device (or application) that identifies malicious activity, logs information about said activity, attempts to block/stop activity, and reports activity.
Encryption—Process of converting information so that it is humanly unreadable except by someone who knows how to decrypt it.