Search This Site

 

Main menu

Definitions

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

View All

Electronic Communications

Includes telephone communications, so-called "phone mail," or voicemail, e-mail, computer files, text files, and any data traversing the University network or stored on University equipment.

Electronic Device

Electronic equipment, whether owned by the University or an individual, that has a processor, storage device, or persistent memory, including, but not limited to: desktop computers, laptops, tablets, cameras, audio recorders, smart phones and other mobile devices, as well as servers (including shared drives), printers, copiers, routers, switches, firewall hardware, network-aware devices with embedded electronic systems (i.e. “Internet of Things”), supervisory control and data acquisition (SCADA) and industrial control systems, etc

Electronic Media

All media, whether owned by the University or an individual, on which electronic data can be stored, including, but not limited to: external hard drives, magnetic tapes, diskettes, CDs, DVDs, and USB storage devices (e.g., thumb drives).

Electronically Stored Information (ESI)

Electronically Stored Information (ESI) is information created, manipulated, stored, or accessed in digital or electronic form.

Elevated Privileges

A level of permission that allows the user to install software and change configuration settings on a workstation (also known as administrator or admin privileges)

Employee (2)

As used in this policy, includes all faculty (teaching, research, administrative and professional), professional research staff, university and classified staff employed by the University in any capacity, whether full-time or part-time, and all those employees in a wage or temporary status.

Employee (5)

An individual who is an employee (2), contractor employee, medical center employee, and/or foundation employee, as well anyone else to whom University IT resources have been extended. These include, but are not limited to, recently terminated employees whose access to University IT resources have not yet been terminated, deleted, or transferred, and individuals whose University IT resources continue between periods of employment. This also includes student workers, volunteers, and other individuals who may be using state-owned or University IT resources and carrying out University work.

Endpoint Security Software

System settings or software installed on a workstation in addition to baseline security measures to provide compensating controls in one or more of the following three modes to offset the risk assumed by granting increased privileges:

  • Monitoring Mode: Logs user activity such as installing software
  • Practical Security Settings: Requires user to verify software installs before proceeding. This activity must be logged in a location the user would not be able to alter
  • Highest Practical Security Settings: Requires that any installed software be added to an “allowlist” of permitted software by an Workstation Manager before allowing it to be installed
Executive Data Stewards

Senior University and Medical Center officials who have planning and policy-level responsibilities for a large subset of the institution’s data resources. They: (1) oversee the implementation of this policy for their data domains; (2) determine the appropriate classification of institutional data (highly sensitive, sensitive, controlled data, and not sensitive) in consultation with executive management and appropriate others; and (3) appoint Data Stewards for their data domains.

Export and "Deemed Export"

An export is any shipment or transmission of controlled technology out of the U.S. The term "deemed export" is commonly used to refer to the release of controlled information (as specified in the regulations) to a foreign national in the U.S. Under the regulations, such a transfer is deemed to be an export to the individual’s home country.

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form