Skip to Content Skip to Footer

Information Security Glossary

Agents Agents include employees, including full- and part-time staff, students, consultants, and other agents.
 Appropriate  use  Appropriate use refers to the use of computing resources, as outlined in this document, in a manner consistent with Clayton State's mission for education, research and service.
 Authentication  A process of attempting to verify the digital identity of a system user or processes.

 Availability

Refers to ensuring timely and reliable access to and use of information.

 Confidentiality

Refers to preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

 Computing  Resources  For the purpose of this document, the phrase “computing resources” includes, but is not limited to, computers, files, networks, electronic mail, and Internet access, that is owned, leased, and/or maintained by Clayton State University

 Computer  Security  Incident

A violation (breach) or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices, which may include, but are not limited to:

  • Widespread infections from virus, worms, Trojan horse or other malicious code
  • Unauthorized use of computer accounts and computer systems
  • Unauthorized, intentional or inadvertent disclosure or modification of sensitive/critical data or infrastructure
  • Intentional disruption of critical system functionality
  • Intentional or inadvertent penetration of firewall
  • Compromise of any server, including Web server defacement or database server
  • Exploitation of other weaknesses, known or unknown
  • Child pornography
  • Attempts to obtain information to commit fraud or otherwise prevent critical operations or cause danger to state or system or national security and
  • Violations of state or USG security policies or standards that threaten or compromise the security objectives of state or USG data, technology, or communications systems and,
  • Any violation of the “Appropriate Use Policy”

 DNS

Refers to the domain name system, which represents a powerful Internet technology for converting domain names to their corresponding IP addresses.

 DNS Spoofing

Refers to confusing a DNS server into giving out bad information. The way it works is that an attacker sends a recursive query to the victim’s server, using the victim’s server to resolve the query. The answer to the query is in a zone the attacker controls. The answer given by the attacker’s name server includes an authoritative record for a domain name controlled by a third party. That authoritative record is FALSE. The victim’s server caches the bogus record. Once spoofed, the victim’s resolver will continue to use the false record it has in its cache, potentially misdirecting email, or any other Internet service. This is a potential major security leak for credit card information, trade secrets, and other highly sensitive information. Note Most modern servers will not cache a fake record because it does not fall in the same parent zone as the record that was requested.

 Domain.

Most often used to refer to a domain zone, it is also used to describe a zone or a domain name.

 Endpoints.

Can include, but are not limited to, PCs, laptops, smart phones, tablets and specialized equipment such as bar code readers or point of sale (POS) terminals.

 Endpoint  Security

An approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted. Simple forms of endpoint security include personal firewalls or anti-virus software that is distributed and then monitored and updated from a server.

 Endpoint  Security  Management

A policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources.

 Endpoint  Security  Management  Systems

A purchased software or a dedicated appliance, discover, manage, and control computing devices that request access to the corporate network. Endpoints that do not comply with policy can be controlled by the system to varying degrees. For example, the system may remove local administrative rights or restrict Internet browsing capabilities.

 Event of  Interest

A questionable or suspicious activity that could threaten the security objectives for critical or sensitive data or infrastructure. They may or may not have criminal implications.

 Guideline

A guideline is a document that suggests a path or guidance on how to achieve or reach compliance with a policy.

 Incident  Management

The process of detecting, mitigating, and analyzing threats or violations of security policies and controls and limiting their effect.

 Incident  Response  Management

The process of detecting, mitigating, and analyzing threats or violations of security policies and limiting their effect.

 Integrity

Refers to guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.

 Metric

A numeric indicator(s) used to gauge system-wide program performance and monitor progress toward accomplishing system-wide goals and objectives. Monitors and measures accomplishment of goals by quantifying the level of implementation and effectiveness.

 Monitoring

Refers to observing and checking for a set standard or configuration.

 Performance  Goal

The desired result(s) of implementing the security objective or technique that are measured by the metric.

 Performance  Measures

The actions required to accomplish the performance goal validated through the completion and analysis of the institution report.

 Policy

Typically a concise document that outlines specific requirements, business rules, or company stance that must be met. The policy is the organization’s stance on an issue, program, or system. It is a rule that everyone must meet.

 Split DNS

Refers to when internal hosts are directed to an internal domain name server for name resolution, while external hosts are directed to an external domain name server for name resolution.

 Sensitive Data Data for which users must obtain specific authorization to access, since the data’s unauthorized disclosure, alteration, or destruction will cause perceivable damage to the participant organization. Example: personally identifiable information, Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPPA). PCI standards, as well as, data not releasable under the Georgia Open Records Act, the Georgia Open Meetings Act, or some other.

 Standard

A standard is a requirement that supports a policy.

  User User is any person who utilizes Clayton State University owned or leased computing resources, including, but not limited to faculty, staff, students, temporary employees, and contract labor. The user is responsible for the conduct of any person that the user allows to use Clayton State University computing resources.