Information Security Terms
The following are technology and security terms and how they apply to the University.
Access Controlled Environment – A physically secured location with appropriate environmental controls accessible only to authorized personnel with a legitimate business need.
AccessIT ID - Your electronic identity for logging on to services offered by Fordham University, such as: e-mail, student registration, MyFiles and Blackboard.
Account – The combination of user name and password that provides an individual, group, or service with access to a computer system or computer network.
Anti Virus Software – Software specifically designed for the detection and prevention of known computer viruses. See also Anti Virus Updates.
Anti Virus Updates – Frequently released definitions that identify new computer viruses. These definitions are used to keep anti virus software effective.
Attack – An attempt to gain unauthorized access or deny authorized access to a university resource.
Attacker – An entity that attempts to gain unauthorized access or deny authorized access to a university resource.
Authentication – The process of confirming a claimed identity. All forms of authentication are based on something you know, something you have, or something you are:
- “Something you know” is some form of information that you can recognize and keep to yourself, such as a personal identification number (PIN) or password.
- “Something you have” is a physical item you possess, such as a photo ID or a security token.
- “Something you are” is a human characteristic considered to be unique, such as a fingerprint, voice tone, or retinal pattern.
Authorization – The act of granting permission for someone or something to conduct an act. Even when identity and authentication have indicated who someone is, authorization may be needed to establish what actions are permitted.
Availability – The degree to which information and vital services are accessible for use when required.
Banner - A suite of administrative applications to replace our current systems (SIS Plus, HRS Plus, etc.). Both Banner and the Plus modules are Sungard products; however, where Banner is integrated and web-based such that information is shared among the systems, Plus consists of separate and distinct systems that work independently of each other.
Business Continuity – The ability to carry out vital business services in a timely manner despite loss or damage to university resources.
Breach - The actual or probable exposure of protected data to an unauthorized person by any means. This includes inadvertent disclosure of the data as well as the unauthorized action of a person authorized to access the data.
CIO – The university’s Vice President and Chief Information Officer.
Compromise – See Breach.
Confidentiality – The degree to which confidential university data are protected from unauthorized disclosure.
Confidential/personal/sensitive protected data/information - Any information in or sourced from an electronic information system likely to result in an identity theft such as name, addresses, University ID Number, Social Security Number, bank account information, driver's license number, credit or debit card numbers, etc.
Confirmare - Fordham's Enterprise Resource Planning (ERP) project, which has been named Confirmare [Latin, meaning to strengthen or firm], will replace the university's administrative applications with one strategic integrated system. Sungard Higher Ed's Banner is the software which will replace our Student Information System, Human Resources System, Financial Records System and Viking.
Custodian – Guardian or caretaker; the holder of data, the agent charged with implementing the controls specified by the owner. The custodian is responsible for the processing and storage of information. The custodians of information resources, including entities providing outsourced information resources services to the university, must:
- Implement the controls specified by the owner(s).
- Provide physical and procedural safeguards for the information resources.
- Assist owners in evaluating the cost effectiveness of controls and monitoring.
- Implement the monitoring techniques and procedures for detecting, reporting, and investigating incidents.
Data – Information that has been translated into a form that is more convenient to move or process.
Data Center – Controlled facilities with a primary focus of housing servers, networking equipment and other devices.
Device - Devices include computers and any other equipment such as PDAs, handheld devices (Treos, Blackberry, Palm devices), copiers, printers, disk drives, diskettes, CDs, USB (“thumb”) drives, or other devices that store or display data.
Disaster Recovery – The ability to restore lost or damaged data or systems in a timely manner.
Electronic Communication – Transmitting data electronically with or without human interaction (e.g., email, web, instant messaging).
Encrypted – Transformed using an algorithm to make information unreadable to anyone other than those with special knowledge, usually referred to as a key.
Encryption – The process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
ERP - Fordham's Enterprise Resource Planning project. See Confirmare.
ETS or Enterprise Technology Services - Fordham IT department committed to the application of "best practices" in the establishment of highly responsive and available computing platforms as well as a stable and reliable network infrastructure for Fordham University.
Firewall – A hardware or software device that limits access to a computer or network to help prevent unauthorized access. Also see Firewall Appliance and Host based Firewall Software.
Firewall Appliance – A physical device that provides firewall protection for a network. Also see Firewall and Host based Firewall Software.
FIT - Fordham Information Technology
Host based Firewall Software – A software program that provides firewall protection solely for the system on which it is running. Also see Firewall and Firewall Appliance.
INB or Internet Native Banner - A more comprehensive version of Banner that is accessed through forms, which are similar to screens in the current Plus environment. INB will be used by administrative folks who maintain information in the areas of Finance, Human Resources, Student, Financial Aid and Advancement to perform functional processes.
Incident - A report of a possible breach and its follow-up investigation and remediation.
Information Security Advisory Board (ISAB) – A committee of individuals who represent the university to provide guidance and advocacy on information security standards and security investments.
Integrity – The degree to which the accuracy and completeness of information and computer software is safeguarded to protect the business process for the university.
ITAC or Instructional Technology Academic Computing - A comprehensive educational technology organization within Fordham IT, encompassing the services of Faculty Technology Centers, Media Services, Smart Classrooms, Video Conferencing, Technology Teaching and Learning, Student Technology Services, Teaching Labs and many others pertaining to the academic mission of the university.
Log – Electronic information about activity recorded by a computer during the course of operation.
Merchant – Unit that accepts payment cards in payment for goods, services or gifts.
Merchant Account – The payment card account number assigned by Enrollment Services - Student Accounts to permit payment card payment processing.
My.Fordham - A portal used to access services offered by Fordham University such as: e-mail, MyFiles, student registration and Blackboard.
NAC - Network Access Control.
NAT – Network Address Translation.
Network – A logical collection of devices and communication paths.
Networked Device – Any equipment that resides on a network.
Non Compliance – Failure to meet or exceed standards or recommendations set by the university or by individual units.
Offsite – Located in a university approved secure location other than in the building in which backups are performed.
Patches – Updates to operating systems and application software that enhance security and/or operability.
PII or Personally Identifiable Information – See Confidential/personal/sensitive protected data/information.
POP3 - Post Office Protocol, an Internet standard protocol used by e-mail clients to retrieve e-mail from a remote server. Using a POP3 client, you can receive e-mail from your Student e-mail or Faculty/Staff/Lotus e-mail accounts.
Portal - See My.Fordham.
Scan – A series of messages or transmissions attempting to access a device to learn what network services and information the device provides in order to identify potential weaknesses.
Security Breach – See Breach.
Server - A system that provides services to others outside their local network.
Site licensed – Licensed for use by the university at low or no cost to the user.
SPO or Strategic Program Office - Fordham IT department responsible for leading the Program & Project Management improvement and expansion effort throughout the division by modeling exemplary project coordination, communication, standardization, measurement, reporting and mentoring.
SSB or Self Service Banner - A typical web interface, such as one would see for their bank or credit card. Most of the Fordham community will use SSB to view or update information related to their specific role at Fordham.
UISO or University Information Security Office - Fordham IT department responsible for the overall direction of information security functions relating to Fordham University, specifically: IT risk management, security policies, security awareness, and security architecture.
Unit - Any university college, department, school, program, research center, business service center or other operating unit.
University – Fordham University.
University Network – The collection of central and outlying data, voice, and other networks that provides direct access to university resources.
URT or University Response Team - Team designated by the University to deal with electronic data breaches.
University Resource – Data in any form and recorded in any manner and computer related resources operated, owned or leased by the university, including but not limited to:
- Networks and network appliances
- Computers (servers, workstations and laptops)
- Software and applications
- Thumbdrives, paper, etc.
- Any other computer related equipment, device or hardware used to access, store, transmit or interface with another university resource
University Employee – An individual who is employed by the university under classifications "faculty," "classified staff," or "academic professional," "administrative professional," “administrative personnel,” “administrator,” "service professional" or “student employee” as those terms are defined in the Acceptable Use Policy, Student Handbook, Administrator Handbook, Faculty Handbook, Resident Handbook or the Fordham University Statutes.
University Related Persons – University students and applicants for admission, university employees and applicants for employment, Affiliates, Associates, Volunteers, alumni, temporary employees of agencies who are assigned to work for the university, and third party contractors engaged by the university and their agents and employees.
User - Any individual who accesses, uses, or controls a University electronic information resource. Users include, but are not limited to, staff, faculty, students, those working on behalf of the University, guests, and visitors.
VPN or Virtual Private Network – An encrypted communication channel between two computers or networks which is intended to prevent eavesdropping between the endpoints. The university offers a free VPN service to all faculty, staff and students.
Vulnerability – Any flaw in the software, hardware, or configuration of a computing device that can be used to compromise the security of a university resource.
Vulnerability Assessment – An audit by a responsible party that is intended to identify potential vulnerabilities in a computer system or network.
For any questions, please contact the Fordham University Information Security Office.
Cross References to Related Fordham and Other Governmental Policies
This document was established in September, 2009.