Ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Access to the user's computers files are blocked, often by encrypting them. Most ransomware attacks are the result of clicking on an infected email attachment or visiting hacked or malicious websites.
Any document, file, computer program, database, image, recording, or other means of expressing information in either electronic or non-electronic form.
Regulated data is defined as data that requires the university to implement specific privacy and security safeguards as mandated by federal, state, and/or local law, or university policy or agreement. Regulations or categories of data most applicable to UVA include, but is not limited to:
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act (HIPAA)
Health Information Technology for Economic and Clinical Health Act (HITECH)
Social Security Numbers (SSNs)
Gramm Leach Bliley Act (GLBA)
Payment Card Industry Data Security Standards (PCI-DSS)
Export Controlled Research - International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR)
Controlled Unclassified Information (CUI)
Covered Defense Information (CDI) and Controlled Technical Information (CTI)
Restricted Research Data, such as census data.
The Office of the Vice-President for Research provides guidance and assistance for some of these kinds of data.
Any data, document, computer file, computer diskette, or any other written or non-written account or object that reasonably may be expected to provide evidence or information regarding the proposed, conducted, or reported research that constitutes the subject of an allegation of research misconduct. A research record includes, but is not limited to, grant or contract applications, whether funded or unfunded; grant or contract progress and other reports; laboratory notebooks; notes; correspondence; videos; photographs; X-ray film; slides; biological materials; computer files and printouts; manuscripts and publications; equipment use logs; laboratory procurement records; animal facility records; human and animal subject protocols; consent forms; medical charts; and patient research files. A research record is one type of University record.
Risk Management, as defined in the UVA Policy IRM-004: Information Security of University Technology Resources, is: the process to identify, control and manage the impact of potential harmful events, commensurate with the value of the protected assets. Risk management includes impact analysis, risk assessment, and continuity planning.
Report an Information
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.