Policy Glossary D - F
Individual facts, statistics, or items of information represented in either electronic or non-electronic forms.
A facility used to house information processing or telecommunications equipment that handle protected or critical information assets.
Person identified by law, contract, or policy with responsibility for granting access to and ensuring appropriate controls are in place to protect information assets. The duties include but are not limited to classifying, defining controls, authorizing access, monitoring compliance with CSU/campus security policies and standards, and identifying the level of acceptable risk for the information asset. A Data Owner is usually a member of management, in charge of a specific business unit, and is ultimately responsible for the protection and use of information within that unit.
(also known as “Data Custodian”)
An individual who is responsible for the maintenance and protection of the data. The duties include but are not limited to performing regular backups of the data, implementing security mechanisms, periodically validating the integrity of the data, restoring data from backup media, and fulfilling the requirements specified in CSU/campus security policies and standards.
DMZ (De-Militarized Zone) is a set of one or more information assets logically located outside of a protected network that is accessible from the Internet (open to the world) with limited controlled data exchanges with the protected environment.
Electronic or optical data storage media or devices that include, but are not limited to, the following: magnetic disks, CDs, DVDs, flash drives, memory sticks, and tapes.
Any person who is hired by the CSU to provide services to or on behalf of the CSU and who does not provide these services as part of an independent business.
An agreed-to secure means of data transmission over a network (wired or wireless).
The process of encoding data so that it can be read only by the sender and the intended recipient.
Assignment of a single individual to overlapping administrative or management job functions for a critical information asset without appropriate compensating controls such as added reviews or logging.