Includes telephone communications, so-called "phone mail," or voicemail, e-mail, computer files, text files, and any data traversing the University network or stored on University equipment.
Electronic equipment, whether owned by the University or an individual, that has a processor, storage device, or persistent memory, including, but not limited to: desktop computers, laptops, tablets, cameras, audio recorders, smart phones and other mobile devices, as well as servers (including shared drives), printers, copiers, routers, switches, firewall hardware, network-aware devices with embedded electronic systems (i.e. “Internet of Things”), supervisory control and data acquisition (SCADA) and industrial control systems, etc
All media, whether owned by the University or an individual, on which electronic data can be stored, including, but not limited to: external hard drives, magnetic tapes, diskettes, CDs, DVDs, and USB storage devices (e.g., thumb drives).
Electronically Stored Information (ESI) is information created, manipulated, stored, or accessed in digital or electronic form.
A level of permission that allows the user to install software and change configuration settings on a workstation (also known as administrator or admin privileges).
As used in this policy, includes all faculty (teaching, research, administrative and professional), professional research staff, university and classified staff employed by the University in any capacity, whether full-time or part-time, and all those employees in a wage or temporary status.
An individual who is an employee (2), contractor employee, medical center employee, and/or foundation employee, as well anyone else to whom University IT resources have been extended. These include, but are not limited to, recently terminated employees whose access to University IT resources have not yet been terminated, deleted, or transferred, and individuals whose University IT resources continue between periods of employment. This also includes student workers, volunteers, and other individuals who may be using state-owned or University IT resources and carrying out University work.
Endpoint is an individual-use device that is University-owned and serves a University business purpose. Personal individual-use devices are excluded.
Endpoint manager is a technical person whose job is supporting IT resources (e.g. installing hardware and/or software).
System settings or software installed on a workstation in addition to baseline security measures to provide compensating controls in one or more of the following three modes to offset the risk assumed by granting increased privileges:
- Monitoring Mode: Logs user activity such as installing software
- Practical Security Settings: Requires user to verify software installs before proceeding. This activity must be logged in a location the user would not be able to alter
- Highest Practical Security Settings: Requires that any installed software be added to an “allowlist” of permitted software by an Workstation Manager before allowing it to be installed
SUPERSEDED by DATA TRUSTEE
An export is any shipment or transmission of controlled technology out of the U.S. The term "deemed export" is commonly used to refer to the release of controlled information (as specified in the regulations) to a foreign national in the U.S. Under the regulations, such a transfer is deemed to be an export to the individual’s home country.
Report an Information
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.