ROWAN UNIVERSITY POLICY
Title: IRT Terms and Definitions
Subject: General IT
Policy No: IRT:2018:06
Issuing Authority: Senior Vice President for Information Resources and Technology and Chief Information Officer
Responsible Officer: Senior Vice President for Information Resources and Technology and Chief Information Officer
Last Revision: 09/10/2018
Last Review: 09/06/2018
This document is intended to define common definitions and terms used in IRT policies.
II. TERMS AND DEFINITIONS
The use of computer-controlled entry and locking devices to limit and log access to areas of a physical facility, usually by means of a digitally-enclosed identification card or biometric device.
|Administrative Safeguards||Administrative actions, and policies and procedures to manage the selection, development, implementation, and maintenance of security measures to protect the University’s information assets and to manage the conduct of the University community in relation to the protection of those information assets.|
|Antivirus||Software that runs on either a server or workstation and monitors network connections looking for malicious software. Antivirus software is generally reactive, meaning a signature file must be developed for each new virus discovered and these virus definition files must be sent to the software in order for the software to find the malicious code.|
|Application||A computer program that processes, transmits, or stores University information and which supports decision-making and other organizational functions. It typically presents as a series of records or transactions. These records and transactions are generally accessible by more than one user.|
Rowan staff member who is responsible for granting access and providing support on the application to the Rowan community.
|Application Manager||The technology manager who is directly responsible for the development, maintenance, configuration, or functional specifications of the application. He or she is also required to implement, operate, and maintain security measures defined by the information owners.|
A person authorized to access information resources specific to their role and responsibilities, and who has conveyed upon them the expectation of “Least Privilege.”
|Automated Tools||Software that executes pre-scripted tests on software applications or hardware devices.|
The expectation that information is accessible by Rowan University when needed.
|Breach||Any incident that results in unauthorized access of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.|
|Business (Application) Owner||Business unit that purchased the application using University funds allocated to its budget or purchased using a grant. The business owner may be a technology organization for utility services-type applications, such as Banner and MS Exchange.|
|Business Impact Analysis (BIA)||A process managed by the Office of Emergency Management that determines the financial and operational impact of a disruption to a business, and the requirements for recovering from the disruption. A business unit uses the BIA to list their business-critical functions and processes and supporting applications.|
|Business Interruption||An event, whether anticipated or unanticipated, which disrupts the normal course of business operations within the university.|
|Business Unit||Applies to multiple levels of the university, such as a revenue generating unit or a functional unit (e.g., Compliance, Human Resources, Information Resources and Technology (IR&T), Legal, and Finance). It may also be comprised of several departments.|
|Business-Critical Function/Process||A function or process which, if compromised, presents a severe financial, operational, or regulatory risk to the business unit and/or to the University as a whole. A business-critical function/process may be supported by an information system owned by the business unit or by an information system that is shared across multiple units.|
|Cable Modem||Cable companies such as Comcast provide Internet access over Cable TV coaxial cable. A cable modem accepts this coaxial cable and can receive data from the Internet at over 1.5 Mbps.|
|Census||Survey administered to an entire population.|
|Change||The addition, modification or removal of approved, supported or base lined hardware, network, software, application, environment, system, desktop build or associated documentation of the production IT environment.|
|Cloud Services||Consumer and business products, services and solutions delivered and consumed on-demand, using the cloud service providers' pooled resources, and delivered over a broad network, such as the Internet.|
|Computer Devices||Any type of device connected to a network that could become infected with a computer virus. Examples of computer devices would be, but not limited to, workstations, servers, laptops, PDAs, etc.|
|Confidential Data||Highly sensitive data intended for limited, specific use by a workgroup, department, or group of individuals with a legitimate need-to-know.|
|Confidential Information||The most sensitive information, which requires the strongest safeguards to reduce the risk of unauthorized access or loss. Unauthorized disclosure or access may 1) subject Rowan to legal risk, 2) adversely affect its reputation, 3) jeopardize its mission, and 4) present liabilities to individuals (for example, HIPAA and HITECH penalties). See the Information Classification policy for additional information.|
|Confidentiality||The expectation that only authorized individuals, processes, and systems will have access to ROWAN’s information.|
|Cryptographic algorithms||A mathematical algorithm, used in conjunction with a secret key, that transforms original input into a form that is unintelligible without special knowledge of the secret information and the algorithm.|
|Cryptographic keys||A string of bits used by a cryptographic algorithm to transform plain text into cipher text or vice versa.|
|EPHI||Electronic Patient Health Information|
|FERPA||Family Educational Rights and Privacy Act. FERPA is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA applies to the records of individuals from the point of first registration until death of the individual.|
|Information Asset||Application, database, network, or body of information that is of value and importance to the University.|
|Qualtrics Survey Software||Self-service electronic survey tool.|
Includes employees (e.g. faculty, staff, administration, physicians, researchers), students, former students, alumni, non-employees (e.g. contractors, vendors, guest affiliates), covered entities, agents and any other third parties of Rowan University.
Unsolicited usually commercial messages (such as Email, text messages, or Internet postings) sent to a large number of recipients or posted in a large number of places.
|Survey||A method of gathering information from a sample of people. Modes of administration include electronic surveys, paper surveys and telephone surveys.|
|Survey Owner||Individual responsible for final decisions on all aspects of survey methodology and analysis. This is the person who creates or owns the survey.|
|Survey Sample||Group of individuals from a population who will be surveyed.|
By Direction of the CIO:
SVP and Chief Information Officer