IT Security
Definitions
These terms are used in IT Security:
Availability
Access to information at agreed times.
Confidentiality
The restriction of information to those persons who are authorised to receive it.
Control
Means of managing risk, including policies, procedures and guidelines.
Data controller
A person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Data subject
An individual who is the subject of personal data.
Information
Information in all its forms; data stored on or transmitted by computer systems; and material that can be stored and distributed as audio, video, or other media.
Information Security
Protection of information to ensure business continuity and to provide appropriate levels of confidentiality, integrity and availability.
Information Security Incident
An actual or suspected event or series of events that could threaten the confidentiality, integrity and availability of information; or that put at risk the security of IT infrastructure and systems.
Information System
A set of software, databases and procedures organised to store and provide information that supports the operations and business of the University.
Integrity
The completeness and preservation of information in its original and intended form unless amended or deleted by authorised people or processes.
ISE
Information Strategy Executive. Has responsibility for monitoring the effectiveness of the University's IT Security.
IT Systems
Hardware, software, databases, communications facilities and procedures organised to capture and process, and to provide, protect and store information.
JANET
Joint Academic Network.
JANET-CERT
JANET Computer Emergency Response Team.
Key Information
Information that is critical to the functioning of the University, or sensitive, or which the University is obliged by law to maintain.
Personal data
Data which relate to a living individual who can be identified from those data, or those data and other information which is in the possession of, or is likely to come into the possession of, the data controller.
Strong password
A strong password is sufficiently long, random, or otherwise producible only by the user who chose it, that successfully guessing it will require too long a time. Strong passwords typically contain upper and lower case letters, and a mix of alphabetic characters, digits, and punctuation marks.
Supporting Policies
Documents that define specific detailed requirements in support of the Information Security Policy.
System owner
A member of staff who is the primary contact for an information system, and who is responsible for the security of information held in it. System owners are identified in the IT Systems Catalogue.
The University
Sheffield Hallam University.
Third Party
An Individual or organisation contracted to work for or on behalf of the University either from University premises or remotely, who requires access to University IT systems or information systems.