ROWAN UNIVERSITY POLICY


Title: IRT Terms and Definitions
Subject: General IT
Policy No: IRT:2018:06
Applies: University-Wide
Issuing Authority: Senior Vice President for Information Resources and Technology and Chief Information Officer
Responsible Officer: Senior Vice President for Information Resources and Technology and Chief Information Officer
Adopted: 09/06/2018
Last Revision: 09/10/2018
Last Review: 09/06/2018


I. PURPOSE

This document is intended to define common definitions and terms used in IRT policies.

II. TERMS AND DEFINITIONS

Term

Definition

Access Control

The use of computer-controlled entry and locking devices to limit and log access to areas of a physical facility, usually by means of a digitally-enclosed identification card or biometric device.

Administrative SafeguardsAdministrative actions, and policies and procedures to manage the selection, development, implementation, and maintenance of security measures to protect the University’s information assets and to manage the conduct of the University community in relation to the protection of those information assets.
AntivirusSoftware that runs on either a server or workstation and monitors network connections looking for malicious software. Antivirus software is generally reactive, meaning a signature file must be developed for each new virus discovered and these virus definition files must be sent to the software in order for the software to find the malicious code.
ApplicationA computer program that processes, transmits, or stores University information and which supports decision-making and other organizational functions. It typically presents as a series of records or transactions. These records and transactions are generally accessible by more than one user.
Application Administrator
Application ManagerThe technology manager who is directly responsible for the development, maintenance, configuration, or functional specifications of the application. He or she is also required to implement, operate, and maintain security measures defined by the information owners.

Authorized User

A person authorized to access information resources specific to their role and responsibilities, and who has conveyed upon them the expectation of “Least Privilege.”

Availability

The expectation that information is accessible by Rowan University when needed.

BreachAny incident that results in unauthorized access of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.
Business (Application) OwnerBusiness unit that purchased the application using University funds allocated to its budget or purchased using a grant. The business owner may be a technology organization for utility services-type applications, such as Banner and MS Exchange.
Business Impact Analysis (BIA)A process managed by the Office of Emergency Management that determines the financial and operational impact of a disruption to a business, and the requirements for recovering from the disruption. A business unit uses the BIA to list their business-critical functions and processes and supporting applications.
Business InterruptionAn event, whether anticipated or unanticipated, which disrupts the normal course of business operations within the university.
Business UnitApplies to multiple levels of the university, such as a revenue generating unit or a functional unit (e.g., Compliance, Human Resources, Information Resources and Technology (IR&T), Legal, and Finance). It may also be comprised of several departments.
Business-Critical Function/ProcessA function or process which, if compromised, presents a severe financial, operational, or regulatory risk to the business unit and/or to the University as a whole. A business-critical function/process may be supported by an information system owned by the business unit or by an information system that is shared across multiple units.
Cable ModemCable companies such as Comcast provide Internet access over Cable TV coaxial cable. A cable modem accepts this coaxial cable and can receive data from the Internet at over 1.5 Mbps.
CensusSurvey administered to an entire population.
ChangeThe addition, modification or removal of approved, supported or base lined hardware, network, software, application, environment, system, desktop build or associated documentation of the production IT environment.
Cloud ServicesConsumer and business products, services and solutions delivered and consumed on-demand, using the cloud service providers' pooled resources, and delivered over a broad network, such as the Internet.
Computer DevicesAny type of device connected to a network that could become infected with a computer virus. Examples of computer devices would be, but not limited to, workstations, servers, laptops, PDAs, etc.
Confidential DataHighly sensitive data intended for limited, specific use by a workgroup, department, or group of individuals with a legitimate need-to-know.
Confidential InformationThe most sensitive information, which requires the strongest safeguards to reduce the risk of unauthorized access or loss. Unauthorized disclosure or access may 1) subject Rowan to legal risk, 2) adversely affect its reputation, 3) jeopardize its mission, and 4) present liabilities to individuals (for example, HIPAA and HITECH penalties). See the Information Classification policy for additional information.
ConfidentialityThe expectation that only authorized individuals, processes, and systems will have access to ROWAN’s information.
Cryptographic algorithmsA mathematical algorithm, used in conjunction with a secret key, that transforms original input into a form that is unintelligible without special knowledge of the secret information and the algorithm.
Cryptographic keysA string of bits used by a cryptographic algorithm to transform plain text into cipher text or vice versa.
EPHIElectronic Patient Health Information
FERPAFamily Educational Rights and Privacy Act. FERPA is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA applies to the records of individuals from the point of first registration until death of the individual.
Information AssetApplication, database, network, or body of information that is of value and importance to the University.
Qualtrics Survey SoftwareSelf-service electronic survey tool.

Rowan Community

Includes employees (e.g. faculty, staff, administration, physicians, researchers), students, former students, alumni, non-employees (e.g. contractors, vendors, guest affiliates), covered entities, agents and any other third parties of Rowan University.

Spam

Unsolicited usually commercial messages (such as Email, text messages, or Internet postings) sent to a large number of recipients or posted in a large number of places.

SurveyA method of gathering information from a sample of people. Modes of administration include electronic surveys, paper surveys and telephone surveys.
Survey OwnerIndividual responsible for final decisions on all aspects of survey methodology and analysis. This is the person who creates or owns the survey.
Survey SampleGroup of individuals from a population who will be surveyed.



By Direction of the CIO: 

__________________________________

Mira Lalovic-Hand, 

SVP and Chief Information Officer