UW-Madison - CIO - IT Policy Glossary

0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

0

No entries.

A

access control 

A combination of identification, authentication, authorization and audit that seeks to assure that only authorized entities are able to access protected resources.

See also: Wikipedia (access control), Wikipedia (information security > access control), Wiktionary (access control)

Used in: IAccess, NetID AUS

Updated: Jul 2, 2008, Jun 12, 2013 (added references)

access control service

An electronic service that provides resources used for access control.

Updated: Jul 2, 2008

ACT

AuthN/Z Coordinating Team. A campus team that coordinates projects and policy related to authentication and authorization. (The team is no longer meeting.)

See: https://wiki.doit.wisc.edu/confluence/display/AUTHNZ/Home (historical), https://wiki.doit.wisc.edu/confluence/display/IAMP/IAM+Stakeholders (current equivalents)

Updated: Jul 2, 2008, Jun 12, 2013 (added references, historical information)

application

A computer program or combination of programs which process information. Processing information includes such things as receiving, storing, retrieving, transforming and transmitting information. Applications run on computer systems.

Synonyms: computer program, computer application

See also: Wikipedia (Computer application)

Used in: IAccess, IReport Recommendations, NetID AUS, nUWGuidance

Updated: Jul 2, 2008, Jun 12, 2013 (added references)

additional decryption key

An extra public key used to encrypt a backup copy of the symmetric block cipher key which is encrypting some underlying data. The extra key is only used in specific circumstances such as loss of the owner's private key, disaster recovery or to meet legal requirements. This is one of two organizational key recovery mechanisms, the other being key escrow.

See also: Wikipedia (Key management), Wikipedia (Encryption)

Used in: IEncrypt Recommendations

Updated: Mar 6, 2009, Jun 12, 2013 (added references)

administrative security controls

Security controls involving analysis and decision-making by management.

See also: Wikipedia (Information security > Administrative), Wikipedia (Security controls)

Used in: IEncrypt Recommendations

Updated: Mar 6, 2009, Jun 12, 2013 (added references)

archive (of data)

A long-term copy of data kept for its historical interest or to meet record retention requirements. A data archive is distinguished from a data backup. A data archive stores data in a form that is readily accessible by software applications. A data backup stores data and applications in a format that supports restoration of part or all of a computer system.

See also: IT Policy Index (Data handling), http://archives.library.wisc.edu/records/ (records management), Wikipedia (Archive), Wiktionary (archive)

Used in: IEncrypt Recommendations

Updated: Mar 6, 2009, Jun 12, 2013 (added references)

asymmetric key

A type of encryption key consisting of a public key and a private key. For example, PKI uses asymmetric keys.

Related terms: UW Digital ID

See also: Wikipedia (Public-key cryptography)

Updated: Jun 17, 2013

audit (security)

See: Wikipedia (security audit)

Updated: Jun 12, 2013 (defined by references)

authentication

The process by which a presented identifier is proved, validating identity. Authentication is usually accomplished through the presentation of tokens.

Clarification: Care should be taken to distinguish between authentication and authorization. Authorization is a decision that occurs after authentication. The amount of information needed to make an authorization decision is usually greater than the amount of information needed to authenticate the entity. For example: the NetID username and password are sufficient to authenticate a user, but other information such as enrollment status or employment status is needed before access is authorized to resources that are reserved for use by faculty, staff and students.

See also: Wikipedia (Authentication), Wiktionary (authentication)

Used in: IAccess, NetID AUS

Updated: Jul 2, 2008, Jun 12, 2013 (added references)

authorization

The process by which a previously authenticated entity is granted access to protected resources. When the same identifier is used for authentication by several different electronic services, it is usually necessary to know additional information about the entity to determine the extent to which the entity is entitled to access the protected resources.

Clarification: Care should be taken to distinguish between authorization and authentication. Authorization is a decision that occurs after authentication. The amount of information needed to make an authorization decision is usually greater than the amount of information needed to authenticate the entity. For example: the NetID username and password are sufficient to authenticate a user, but other information such as enrollment status or employment status is needed before access is authorized to resources that are reserved for use by faculty, staff and students.

See also: Wikipedia (Authorization), Wiktionary (authorization)

Used in: IAccess, NetID AUS

Updated: Jul 2, 2008, Jun 12, 2013 (added references)

authN/Z 

"authentication and authorization".

See: authentication, authorization

Updated: 12 Jun, 2013

B

BA

"Business Associate". In IT policy at UW-Madison this usually refers to a business associate under HIPAA.

See: Business Associate

Updated: 14 Jun, 2013

backup (of data)

A copy of all or portions of software applications or data files on a system kept on storage media, such as tape or disk, or on a separate computer system so that files can be restored if the original data is deleted or damaged.

See also: Wikipedia (data backup)

Updated: Mar 6, 2009

block cipher

A form of encryption.

See also: Wikipedia (Block cipher)

Updated: Jun 17, 2013

business associate

A 3rd party processing sensitive data under contract to a university unit. Business associates have the same duty of care as data stewards, particularly for HIPAA data.

Used in: IEncrypt Recommendations

Updated: Mar 6, 2009

C

CIO

"Chief Information Officer". Many schools, colleges and divisions at UW-Madison have CIO's. In the context of IT policy, CIO always refers to the CIO of UW-Madison, who is also the Vice Provost for Information Technology (VP IT).

See http://www.cio.wisc.edu/.
See also: Wikipedia (Chief information officer)

Updated: Jan 15, 2009, Jun 12, 2013 (added references, UW-Madison-specific information.)

compensating controls

Alternative security controls that are used when it is not feasible or practical to implement a required security control.

See also: Wikipedia (Security controls)

Used in: IEncrypt, IEncrypt Recommendations

Updated: Mar 6, 2009, 12 Jun, 2013 (re-worded, added references)

computer system

The computer hardware and operating environment. A computing device or a computerized device is a simpler or more specialized computer system. Applications run on computer systems.

Examples: workstation, laptop, notebook (computer), PDA, PC, Mac

See also: Wikipedia (Computer system)

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

computing device

A simpler or more specialized computer system. Also referred to simply as a "device".

Updated: Feb 20, 2009

custodian

Also: custodial, custodianship, etc.

See data custodian.

credential

A credential is a combination of an identifier and a token (and in some cases additional information) that can be used for access control. A username and password pair is a credential.

Example: NetID username and password

See also: authentication, Wikipedia (Identity management)

Used in: IAccess, NetID AUS

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

D

data

The binary machine-readable representation of information. The terms data and information are often used interchangeably. The context may suggest if the distinction between data and information is significant.

See also: Wikipedia (Data)

Updated: Nov 20, 2008, 12 Jun, 2013 (added context)

data center

A data center is a facility to house computer systems and associated components, such as telecommunications and storage systems. It generally includes redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and security devices.

See also: Wikipedia (Data center)

Updated: Mar 9, 2009, 12 Jun, 2013 (added references)

data custodian

An individual or unit responsible for the implementation of data (or information) systems and the technical management of data (or information) resources.

Related terms: data steward

Note: According to this definition, DoIT is the data custodian of the data in several of the university's enterprise systems. In the past, UW-Madison data stewards such as the Registrar's Office (RO) or the Office of Human Relations (OHR) have been called data custodians. The terminology in the IT industry is constantly evolving.

See also: Wikipedia (Data custodian)

Updated: March 5, 2009

data steward

An individual or unit with delegated responsibility for all aspects of how data is acquired, used, stored and protected throughout its entire lifecycle from acquisition through disposal or archive.

Related terms: data custodian

See also: Wikipedia (Data custodian), (note: as of the date last updated, the Wikipedia Data steward entry primarily discusses meta-data – a rather specialized role of a data steward.)

Updated: March 5, 2009, 12 Jun, 2013 (added references, clarified wikipedia reference)

decryption

Recovering plaintext, readable data from obfuscated data by reversing an encryption procedure. Block ciphers decrypt with the same secret key as was used to encrypt; asymmetric ciphers can encrypt with either the public or private key, but must decrypt with the other.

See also: Wikipedia (Encryption)

Updated: Mar 6, 2009, 17 Jun, 2013 (added references)

desktop computer

A computer system in a fixed location such as a desktop in an office or other work area, as distinguished from a laptop.

See also: Wikipedia (Desktop computer)

Updated: Jul 2, 2008, Oct 26, 2012, 12 Jun, 2013 (added references)

E

e-discovery

Federal rules regarding court-ordered access to electronic information.

See also: Wikipedia (E-discovery)

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

electronic service

One or more applications on one or more computer systems that process information or otherwise make resources available to entities. Such computer systems are often called "servers".

Abbr.: service
Synonyms: computer service, information service

Updated: Jul 2, 2008

encryption

Obscuring data by a reversible transformation using an algorithm which is initialized with a secret (the encryption key).

See also: Wikipedia (Encryption)

Updated: Mar 6, 2009, 12 Jun, 2013 (added references)

encryption key

The secret in a cryptosystem, used to initialize the encryption algorithm. See also: Private key.

See also: private key, Wikipedia (Encryption), Wikipedia (Key management)

Updated: Mar 6, 2009, 12 Jun, 2013 (added references)

entity

A person (usually called a "user"), a computer system or an application. Used when the reference is to some combination of users, computer systems and/or applications.

Related terms: user

See also: Wikipedia (Identity management)

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

F

FERPA

"Family Educational Rights and Privacy Act". FERPA is a federal law that governs the privacy of student educational records, access to those records, and disclosure of information from them.

See also: UW-Madison webpage on Student Privacy Rights, Wikipedia (FERPA)

G

guidelines

Guidelines are recommendations. They are optional, more changeable than policies, and often more complex. There may be many exceptions to them.

See also: UW-Madison Office of the CIO IT Policy Program (Executive Summary)

Updated: March 5, 2009, 12 Jun, 2013 (added references)

H

HIPAA

Health Insurance Portability and Accountability Act. The act, and associated regulations published by the federal Department of Health and Human Services, sets standards for the privacy and security of health care information.

See also: UW-Madison HIPAA website, Wikipedia (Hipaa)

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

I

IAA

1. Identification, Authentication and Authorization. An older term that refers to the entire process involving all three.

See also: Wikipedia (Identity management)

2. Abbreviation for the UW-System-wide identity and access control service.

See also: http://www.uwsa.edu/olit/iaa/

Updated: Jul 2, 2008

IAM

1. "Identity and Access Management".

Synonyms: IAA (1)

See also: Wikipedia (Identity management)

2. Informal name for a UW System initiative involving the purchase of a complete suite of identity and access management software for implementation system-wide and at UW-Madison.

See: https://wiki.doit.wisc.edu/confluence/display/IAMP/IAM+Stakeholders (project wiki)

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

identification

The process by which an entity makes itself known for purposes of access control.

Related terms: IAA, IAM, identity management

See also: Wikipedia (Identity management)

Updated: Jul 2, 2008

identifier

1. An identifier expresses identity and must be unique in the context in which it is used.

Related terms: username

See also: Wikipedia (Identity management)

2. One of two parts of a credential, the other part being the token.

Related terms: username

See also: Wikipedia (Identity management)

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

identity

Identity is who someone or what something is, for example, the name by which something is known.

See also: Wikipedia (Identity management)

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

identity management

1. Management of business processes, applications and electronic services involving identification.

See also: Wikipedia (Identity management)

2. An earlier informal term for the processes later called IAA (1) and more recently IAM.

Related terms: IAA, IAM, IMLG

See also: Wikipedia (Identity management)

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

IEncrypt

Policy ID for the UW-Madison Policy on Storage, Transmission and Encryption of Sensitive Information.

See: http://www.cio.wisc.edu/IEncryptPolicy.pdf (published policy), https://wiki.doit.wisc.edu/confluence/display/POLICY/IEncrypt (development and history)
See also: IT Policy Index, Wikipedia (Encryption)

Updated: Jul 2, 2008, 12 Jun, 2013 (re-organized, added references)

IMLG

"Identity Management Leadership Group". A group of Deans and Directors who provide high-level leadership for UW-Madison activities involving identity management.

Updated: Jan 15, 2009

implementation (of an IT policy)

The process of creating or documenting the guidelines, procedures, standards and other infrastructure to support an IT Policy, and communicating the result to the affected members of the UW-Madison community.

See: https://wiki.doit.wisc.edu/confluence/display/POLICY/IT+Policy+Process

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

information

Data that has been processed into a format that is understandable by its intended audience. The terms data and information are often used interchangeably. The context may suggest if the distinction between data and information is significant.

Updated: 12 Jun, 2013 (added context)

information incident

An event in which there is a reasonable belief that UW-Madison sensitive information was accessed by or accessible to unauthorized persons. A reportable incident is defined in the UW-Madison Information Incident Reporting Policy.

Updated: Nov 20, 2008

information incident response process

The UW-Madison process for investigating and responding to information incidents. (Can be found in the UW-Madison Information Incident Reporting Policy.)

See: http://www.cio.wisc.edu/IReportPolicy.pdf (published policy), https://wiki.doit.wisc.edu/confluence/display/POLICY/IRespond (development)
See also: information incident, Wikipedia (Computer security incident management)

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

IRespond

A policy initiative to develop a process for investigating and responding to information incidents. (Merged with IReport.)

See: http://www.cio.wisc.edu/IReportPolicy.pdf (published policy), https://wiki.doit.wisc.edu/confluence/display/POLICY/IRespond (development)
See also: information incident, Wikipedia (Computer security incident management)

Updated: Jul 2, 2008, 12 Jun, 2013 (added references, historical information)

information security controls

See security controls.

Updated: Jul 2, 2008

institutionally approved key recovery system

A key recovery system that is approved for use for records and other official university data. Use of such key recovery assures that the encrypted data is accessible by the institution.

See also: key recovery

Updated: Mar 6, 2009, 12 Jun, 2013 (added cross-reference)

institutionally managed

Electronic services, credentials or other resources widely used throughout the institution and managed on behalf of the whole institution, as distinguished from those that are locally managed because they are used less widely and are managed on behalf of a part of the institution.

Clarification: Institutionally managed is not a synonym for "centrally managed" or "DoIT managed". It is not a question of who manages it. Instead, the question is on whose behalf it is managed (i.e. "on behalf of the whole institution") and how widely it is used (i.e. "widely used throughout the institution"). Electronic services increasingly have "distributed management" but can still be managed in that manner on behalf of the entire institution. Several units other than DoIT have "centrally managed" electronic services that are widely used throughout the institution. For example: parking.

Updated: Jul 2, 2008

IReport

Policy ID for the UW-Madison Information Incident Reporting Policy.

See: http://www.cio.wisc.edu/IReportPolicy.pdf (published policy), https://wiki.doit.wisc.edu/confluence/display/POLICY/IReport (development and history)
See also: information incident, IT Policy Index, Wikipedia (Computer security incident management)

Updated: Jul 2, 2008, 12 Jun, 2013 (re-organized, added references)

IT

"Information Technology".

See also: Wikipedia (Information Technology)

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

IT policy

A policy with a significant IT component, in the context of the IT Policy Process at UW-Madison.

See: http://www.cio.wisc.edu/policies.aspx (published policies), https://wiki.doit.wisc.edu/confluence/display/POLICY/ (policy development)

Updated: Jul 2, 2008, 12 Jun, 2013 (clarified context, added references)

IT policy plan

A one year plan outlining compelling needs and the current and proposed IT policy initiatives to address those needs, in the context of the IT Policy Process at UW-Madison.

See: https://wiki.doit.wisc.edu/confluence/display/POLICY/IT+Policy+Plan.

Updated: Jul 2, 2008, 12 Jun, 2013 (clarified context)

IT policy process

A process describing the steps in the lifecycle of an IT Policy at UW-Madison.

See: https://wiki.doit.wisc.edu/confluence/display/POLICY/IT+Policy+Process

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

J

No entries.

K

key escrow

A key recovery procedure in which an organization keeps an extra copy of a private key from an asymmetric public/private key pair. The extra copy is only used in specific circumstances such as loss of the original or its passphrase, disaster recovery or to meet legal requirements. This is one of two organizational key recovery mechanisms, the other being additional decryption keys.

See also: Wikipedia (Key management)

Updated: Mar 6, 2009, 12 Jun, 2013 (added references)

key recovery

A procedure for ensuring that data may still be decrypted even if the original private key is lost. Typically involves either key escrow or additional decryption keys.

See also: Wikipedia (Key management)

Updated: Mar 6, 2009, 12 Jun, 2013 (added references)

L

laptop

A portable computer, as distinguished from desktop computers or servers which are generally much less portable.

See also: Wikipedia (Laptop computer)

Updated: Oct 26, 2012

logical security controls

See: security controls

See also: Wikipedia (Information_security > Logical)

Updated: 12 Jun, 2013, 3 Dec, 2013 (renamed from "logical access controls" to "logical security controls")

M

media

Data storage, such as portable media, or disk drives installed inside of a computer. Generally used in the computing industry to refer to electronic media, although paper is also a storage medium.

Updated: Nov 20, 2008

N

NetID

The identifier portion of the NetID username and password credential.
Note: Sometimes this term is used informally to refer to the entire credential (both the identifier and the token), but technically correct usage refers only to the identifier.

Synonyms: NetID username

Updated: Jul 2, 2008

NetID credential

See: NetID username and password

NetID password

The token portion of the NetID username and password credential.

Updated: Jul 2, 2008

NetID username

The identifier portion of the NetID username and password credential.

Synonyms: NetID
Updated: Jul 2, 2008

NetID username and password

UW-Madison's current institutionally managed credential used for access control for electronic services. The username is the identifier. The password is the token.

Synonyms: NetID credential

Updated: Jul 2, 2008

O

obfuscation

See: Wikipedia (Obfuscation)

Added Dec 3, 2013

OCIS

"Office of Campus Information Security". See: http://www.cio.wisc.edu/security/.

operational security controls

Security controls implemented through operational procedures of an organization. Generally involve the behavior of people rather than the behavior of computing systems.

See also: Wikipedia (Security controls)

Updated: Mar 6, 2009, 12 Jun, 2013 (added references)

P

password

The token portion of a credential that consists of a username and password pair.

See also: UW-Madison Responsible Use Policy, Authentication

Updated: Jul 2, 2008, 14 Jun, 2013 (re-worded for clarity, added references)

passphrase

A lengthy but easily remembered phrase from which is derived a secret key. A passphrase is commonly used to encrypt and decrypt private keys in PKI.

See also: Encryption

Updated: Mar 6, 2009, 14 Jun, 2013 (added references)

PCI DSS

"Payment Card Industry Data Security Standard". Payment card information (PCI) must be protected according to this standard. This standard is also adopted at UW-Madison for Restricted Data.

See also: Wikipedia (PCI DSS)

Updated: Jul 2, 2008, 14 Jun, 2013 (added references)

personal identity information

Abbreviated "PII". Also called "Personally Identifiable Information", and other variants. Consists of personal identifiers such as name, address, driver's license, social security number and other information that when used alone or in combination can identify a person. Many items of personal identity information are categorized as Restricted Data.

See also: restricted data, Wikipedia (Personally identifiable information)

Updated: Jun 3, 2009, 14 Jun, 2013 (made this the main entry, added references)

PHI

"Personally identifiable Health Information", a term that is defined by HIPAA. At UW-Madison PHI is categorized as a type of Restricted Data.

See also: Wikipedia (Protected health information)

Updated: Jul 2, 2008, 14 Jun, 2013 (added references)

physical security controls

See: Security Controls

See also: Wikipedia (Information security > Physical)

Updated: Jun 14, 2013 (added references)

PII

"Personal Identity Information". See: Personal Identity Information

Updated: Jul 2, 2008, 14 Jun, 2013 (re-directed to "personal identity information")

PKI

"Public Key Infrastructure". A hierarchical system of public and private keys, stored in digital certificates, used for signing or encrypting data. The UW-Madison implementation of PKI is named "UW Digital ID".

See also: UW Digital ID (Product Overview), Wikipedia (Public key infrastructure), Wikipedia (Encryption)

Updated: Jul 2, 2008, 14 Jun, 2013 (added UW Digital ID, references)

policy

A policy states what people must or must not do. They are mandatory, change slowly and are short and simple. They have few exceptions. (As used in the IT Policy Process at UW-Madison.)

See also: https://wiki.doit.wisc.edu/confluence/display/POLICY/Program

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

policy stakeholders team

A team of representatives from UW-Madison units that makes recommendations to the CIO regarding the desired outcomes and implementation considerations of a proposed policy. (As used in the IT Policy Process at UW-Madison.)

See also: https://wiki.doit.wisc.edu/confluence/display/POLICY/Program

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

portable device

A computing device or communications device designed for easy transport such as a digital camera, digital music player, cell phone, PDA and many more.

Updated: Mar 6, 2009

portable media

Media designed for easy transport such as an external hard drive, flash device, magnetic tape, CD, DVD, SD memory card, and many more. Distinguished from less portable media such as internal hard drives.

Updated: Nov 20, 2008

principles

Principles are guides to future decision-making. A principle generally requires further interpretation in order to apply it to specific circumstances. (As used in the context of IT Policy at UW-Madison.)

See also: https://wiki.doit.wisc.edu/confluence/display/POLICY/Program

Updated: Jul 2, 2008, 12 Jun, 2013 (added references)

private key

The hidden half of a public/private key pair used in an asymmetric cryptosystem. Encrypting with private keys and decrypting with public keys is used for digital signatures; decrypting with private keys after encrypting with public keys is used to distribute block cipher secret keys.

See also: Wikipedia (Public key infrastructure), Wikipedia (Encryption)

Updated: Mar 6, 2009, 2 Jun, 2013 (added references)

procedures

Procedures document "how to." They are implementation details of policies or guidelines. They change as technology or operational need changes. (As used in the IT Policy Process at UW-Madison.)

Updated: Jul 2, 2008

PST

"Policy Stakeholders Team"

See: Policy Stakeholders Team

Updated: Jul 2, 2008

public key

The public half of a public/private key pair used in an asymmetric cryptosystem. Block cipher secret keys are encrypted with public keys when sending encrypted data; message digests are decrypted with public keys when verifying a digital signature. Public keys are widely distributed to anyone communicating with the private key holder (see PKI).

See also: Wikipedia (Public key infrastructure), Wikipedia (Encryption)

Updated: Mar 6, 2009, 2 Jun, 2013 (added references)

public records

Chapter 16.61 Wis Stats. "Public records" means all books, papers, maps, photographs, films, recordings, optical disks, electronically formatted documents or other documentary materials, regardless of physical form or characteristics, made, or received by any state agency or its officers or employees in connection with the transaction of public business, and documents of any insurer that is liquidated or in the process of liquidation under ch. 645

Updated: Mar 6, 2009

Q

No entries.

R

records

  1. Data or information that has been fixed on some medium; that has content, context, and structure; and that is used as an extension of human memory or to demonstrate accountability.
  2. ISO 15489 definition: information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business.

Updated: Mar 6, 2009

records management

Efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records.

Updated: Mar 6, 2009

resource

A computer system, application, information or something else of value that is useful to an entity. A protected resource is a resource that only authorized entities are permitted to access.

Updated: Jul 2, 2008

restricted data

A formally defined category of information at UW-Madison that includes such elements as personal identity information (PII), financial account information, credit card numbers (PCI), and medical information covered by HIPAA (PHI).

See the definition of restricted data at: Restricted Data Security Standards.

Related terms: HIPAA, PCI, PCI DSS, PII, sensitive information

Updated: Nov 20, 2008, 14 Jun, 2013 (added references)

risk

Many different formulas exist, almost all of which are calculations of "expected value." Risk can be roughly summarized as the sum for all events of: (the severity of the consequences of the event) × (the probability of the event). For estimating purposes a scale of "high", "medium" and "low" is often used to measure both severity and probability. An event that is "high severity and high probability" is riskiest.

Updated: Mar 6, 2009

risk assessment

Identification, evaluation, and estimation of the levels of risks involved in a situation, their comparison against benchmarks or standards, and determination of an acceptable level of risk.

Updated: Mar 6, 2009

risk management

The process of risk assessment and selection of security controls to reduce risk to an acceptable level. Generally involves achieving a balance between the amount of resources devoted to reducing risk and the amount of risk that is acceptable.

Updated: Mar 6, 2009

S

security controls

Administrative, operational and technical measures to protect the confidentiality, integrity and availability of information, and organizational reputation. See also: administrative security controls, operational security controls and technical security controls. Another method of categorizing security controls divides them into administrative security controls, logical security controls, and physical security controls.

See also: OCIS Departmental IT Security Baseline, Restricted Data Security Standards, Wikipedia (Security controls)

Updated: Mar 6, 2009, 12 Jun, 2013 (added references, alternative categorization of controls)

sensitive information  

A formally defined category of information at UW-Madison that includes Restricted Data and other information that might be damaging to individuals or the institution if it were accessed by unauthorized persons. There are many types of sensitive information, for example, student records (protected by FERPA), employment records (protected by state law), and intellectual property such as copyrighted materials and patentable research.

See: Sensitive Data Definition (pdf)

Related terms: FERPA, Restricted Data

See also: Who Has Sensitive Data? (pdf)

Updated: Feb 20, 2009

server

A computer system that provides "services" over the network, such as file services, internet services, email services, and many more. While most computer systems are capable of providing such services, a server is usually dedicated to that use and is generally located in a specialized facility designed for that purpose, as distinguished from a workstation, which is located in a single location such as an office or other work area, or a laptop, which is a portable computer.

Updated: Mar 6, 2009

standards

Standards offer criteria for consistency. They are measurable, have checkpoints and are validated through a review process. (As used in the IT Policy Process at UW-Madison.)

See also: https://wiki.doit.wisc.edu/confluence/display/POLICY/Program, Wikipedia (Technical standard)

Updated: Jul 2, 2008, Jun 12, 2013 (added references)

steward

Also: stewardship.

See: data steward

symmetric key

A type of encryption key.

See also: Wikipedia (Symmetric key)

Updated: Jun 17, 2013

T

technical security controls

Security controls implemented by way of hardware or software on computing systems and networks. Generally involve the behavior of computers and networks rather than the behavior of people.

See also: Wikipedia (Security controls)

Updated: Mar 6, 2009, Jun 12, 2013 (added reference)

token

A password or a cryptographic key used to prove identity.

Updated: Jul 2, 2008, Jun 12, 2013 (re-worded for greater clarity)

TPM

Trusted Processing Module. A hardware cryptographic device added to some computer systems. It can perform encryption and other security-related activities.

Updated: Jul 2, 2008

U

user

A person who is accessing or otherwise using computing resources.

Related term: entity

Updated: Jul 2, 2008

username

The identifier portion of a credential consisting of a username and password pair. Each user must have a unique username in the context in which the credential is used.

Updated: Jul 2, 2008

UW-Madison associate

Those parts of an external organization that serve as a contractor or associate of a UW-Madison unit and function as though part of or attached to an internal unit. [Note: this definition needs to be reviewed by Legal Services.]

Updated: Mar 6, 2009

UW-Madison unit

  1. Any division, school, college, department, center or other type of organizational unit that is an internal part of UW-Madison.
    Note: This also includes formally external organizations that function as though they are an internal part of UW-Madison, in accordance with the agreement that exists between UW-Madison and the organization.

    Updated: Jul 2, 2008
  2. Any division, school, college, department, center or other type of organizational unit that is an internal part of UW-Madison, or those parts of an external organization that serve as a contractor or associate of UW-Madison and function as though part of or attached to an internal unit. [Note: this definition needs to be reviewed by Legal Services.]

    Updated: Feb 20, 2009

V

VP IT

"Vice Provost for Information Technology". Also the CIO of UW-Madison.

Updated: Jun 12, 2013

W

workstation

Either a desktop computer or a laptop computer.

Updated: Oct 26, 2012

WPA2

WiFi Protected Access version 2. An IEEE standard for encrypting wireless data transmissions. WPA2 replaced the cryptographically inadequate WEP standard (Wireless Equivalent Privacy).

http://www.cio.wisc.edu/SensitiveDataDefinition.pdf

Updated: Jul 2, 2008

X

No entries.

Y

No entries.

Z

No entries.

Keywords: definitions, glossary, definition, policy-program
Doc ID: 58517
Owner: GARY D.
Group: IT Policy
Created: 2015-11-25 13:08 CDT
Updated: 2016-11-27 11:47 CDT
Sites: IT Policy
CleanURL: https://kb.wisc.edu/itpolicy/glossary