Policy Glossary A - C
Software that detects or prevents malicious software.
A software program designed to perform a specific function for a user. Applications include, but are not limited to, word processors, database programs, development tools, image editing programs, and communication programs.
The process of confirming that a known individual is correctly associated with a given electronic credential; for example, by use of passwords to confirm correct association with a user or account name (is a term that is also used to verify the identity of network nodes, programs, or messages).
The process of determining whether or not an identified individual or class has been granted access rights to an information assets, determining what type of access is allowed; e.g., read-only, create, delete, and/or modify.
Ensuring that information assets are available and ready for use when they are needed.
An instrument intended to validate the identity of an individual through comparison of a demonstrated intrinsic physical or behavioral trait with a record of the same information previously captured. Examples: fingerprint, retina scan, voice recognition.
Business Continuity Planning
See CSU BCP Executive Order.
For the purposes of the CSU Security Program, a “campus” is any CSU campus as defined in Section 89001 of the California Education Code to include satellite locations and the Chancellor’s Office.
Campus Limited Access Area
Physical area such as a human resources office, data center, or Network Operations Center (NOC) that has a defined security perimeter such as a card controlled entry door or a staffed reception desk.
Responsible for (1) specifying and monitoring the integrity and security of information assets and the use of those assets within their areas of program responsibility and (2) ensuring that program staff and other users of the information asset are informed of and carry out information security and privacy responsibilities.
An event that causes substantial harm or damage to significant CSU information assets. Examples: earthquake, fire, extended power outage, equipment failure, or a significant computer virus outbreak.
Computer Security Incident Response Team (CSIRT)
The name given to the team that handles security incidents.
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. [44 U.S.C, SEC. 3542]
Countermeasures (administrative, physical, and technical) used to manage risks.
An asset that is so important to the campus that its loss or unavailability is unacceptable.
Any CSU administratively controlled communications network that is within the CSU managed physical space. Such networks may interconnect with other networks or contain sub networks.