Sensitive data, as defined in the UVA Policy IRM-003: Data Protection of University Information, are data, records, and files that:
- may be withheld from release under the Virginia Freedom of Information Act (FOIA),
- are not public records,
- do not enable identity theft,
- are not protected health information (PHI).
Examples include information concerning the prevention of or response to cyber-attacks, or information that describes a security system used to control access to or use of an automated data processing or telecommunications system, or research records that do not contain Highly Sensitive Data, University ID numbers, i.e., those printed on University ID cards, and/or Family Educational Rights and Privacy Act-protected data not covered under the definition of “Highly Sensitive” data. This category of data also includes any data or record covered by the exemptions listed in the Commonwealth of Virginia Freedom of Information Act.
A service account is a “non-human” account that is used to run services or applications. Service accounts are not administrative accounts or other accounts used interactively by administrators or other persons.
Smishing is the sending of text messages claiming to be from a reputable source to get you to reveal personal information, such as passwords or credit card numbers, or to download malware onto your computer or phone. It is short for "SMS phishing."
The Service Organization Control 2 (SOC 2) was developed by the American Institute of Certified Public Accountants (AICPA) to report on controls at a service organization relevant to security, availability, processing integrity, and confidentiality or privacy. The SOC 2 report provides detailed information and assurance about the controls at a service organization (e.g., cloud vendor) relevant to the security, availability, processing integrity, and confidentiality (privacy) of customer data.
The Service Organization Control 2 (SOC 2) Type II report is an attestation of controls at a service organization over a minimum six-month period, whereas a SOC 2 Type I report is an attestation of the operating effectiveness of controls at a service organization at a specific point in time. The SOC 2 Type II reports on the description of controls relevant to security, availability, processing integrity, and confidentiality or privacy provided by the service organization and attests that the controls are suitably designed, implemented, and effective.
A software token (sometimes called an authentication or security token) is a piece of two-factor authentication security. The token is sent to or stored on a device (e.g., smart phone or telephone) that the owner must have to authorize access to a restricted resource. The user's interaction with a login system proves that the user physically possesses a token specific and unique to that user. Examples include using Duo-Authentication or Google Authenticator.
Supported operating systems and firmware are operating systems (OS) or firmware that are either supported by the vendor with continued patching or are open source and supported with updates and/or patches by an active user community. ITS provides a list of its supported OSes and software at: https://in.virginia.edu/support
Report an Information
Please report any level of incident, no matter how small. The Information Security office will evaluate the report and provide a full investigation if appropriate.