Information Security Term Definitions


Definitions of terms used across policies and standards





Defines unknown or ambiguous terms used in Information Security policies and standards.


All Parkland College Information Security policies and standards.


Section 1 – Terms





Policies are institution-wide directives from Parkland College and its constituents that define an intended and required, high-level course of action for securing systems and data.


Standards are detailed, institution-wide requirements intended to implement the approved policies. Standards are detailed, agile documents intended to be updated frequently to be current with technology.


Specific steps to accomplish a task or series of tasks that facilitate compliance with a Policy or Standard. Implements a Policy or Standard. Mandatory compliance.


Recommendations and best practices for safeguarding the confidentiality, integrity, and availability of information. Recommended compliance.


Concept of preventing disclosure of sensitive information to unauthorized entities.


Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity.


Ensuring that data, information, or systems are accessible and usable upon demand by an authorized entity.


Modification of systems, data, or information.


Ensuring that business and academic functions can continue operating in some capacity despite adverse events.

Data/System Access

Connection to, or ability to obtain, data and systems.

Data/System Classification

Application of labels to data and systems identifying nature and sensitivity.

Data/System Processing

Collective set of data or system actions including collection, generation, logging, transformation, use, disclosure, sharing, transmission, and disposal.

Data/System Storage

Placing data or systems in a persistent state or location, whether physical, virtual, or cloud-based, whereby they may be held for future use. Often described as At-Rest.

Data/System Transmission

Sending data from one location to another, regardless of medium. Often described as In-Transit.

Data/System Use

Data or systems actively being used for the purpose for which they are intended. For digital data, this means data stored in a non-persistent digital state, such as in computer memory.


An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or data.


Protection against an individual who falsely denies having performed a certain action and provides the capability to determine whether an individual took a certain action.

Personally Identifiable Information (PII)

Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.

Protected Health Information (PHI)

Individually identifiable health information that is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium. FERPA and employer-held employment records are excepted.


Restoring systems and data to pre-event operations after an adverse event.


The societal opinion about an entity as typically formed by an evaluation of a set of criteria, such as behavior or performance.


A measure of the extent to which an entity is threatened by a potential circumstance or event. Risk is typically a function of the adverse impact, or magnitude of harm, that would arise if the event occurred and the likelihood of event occurrence.

Risk Treatment

The process or means by which a risk is addressed or modified.


Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, or other organizations through a system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.


CIS Critical Controls

Framework publication of best practices and recommendations for computer security.


Children’s Online Privacy Protection Act of 1998 – Governs the online collection of personal information about children under 13 years of age.


Family Educational Rights and Privacy Act of 1974 – Governs access to educational information and records.


Freedom of Information Act (US) (IL) – Provides disclosure (full or partial) of previously unreleased information and documents held by government agencies.


General Data Protection Regulation (EU) – Defines protections and rights for EU nationals to control their data.


Gramm-Leach-Bliley Act – Outlines interactions between the banking, securities, and insurance industries.


Health Insurance Portability and Accountability Act of 1996 – Controls the flow and security of healthcare information to protect against fraud and theft.

NIST (CSF, etc.)

National Institute of Standards and Technology – Publishes the Cybersecurity Framework (CSF) and many other Special Publications (SP) governing the use of Information Security and Technology measures within the US Government.


Payment Card Industry Data Security Standard – An information security standard for organizations that handle major branded credit cards.


Role / Job Role

The responsibilities and requirements assigned to a specific position or situation.


Senior stakeholder accountable for systems and data. Has authority to make and authorize changes to the systems or data.


Entity responsible for implementing the data usage and security policies.


Entity responsible for the technical protection of information assets.

Software Developer

Individual who writes code resulting in an operational program.



The practice of making data, content, and systems usable by as many people as possible.

Account / User Account

Unique identifier serving as a representation of an individual, service, process, or system. Typically utilizes credentials to authenticate.

Account Termination

The removal of permissions and access performed in advance of, or in addition to, an account being removed or deleted.


An individual with elevated permissions responsible for the maintenance and configuration of an information system.


A computer program or series of programs designed to fulfill a specific purpose or need.


Any item requiring protection from an information security program.


Act of verifying the identity of an individual.

Authentication Mechanism

Hardware or software through which a user proves identity using a credential prior to granting access.


Act of verifying what resources an individual is allowed to use or access.


A copy of systems and data that can be used to restore after an undesired event.


Physical characteristics (such as a fingerprint or retinal pattern) of a human. Fulfills the “something you are” component of multifactor authentication (MFA).


In incident management: Ensuring an undesirable or adverse event does not spread beyond the current impacted footprint. Limiting the impact of an adverse event.


Specific actions, processes, technologies, or other related items implemented to address or modify risk.


A token or digital identity (typically with a username and some other form of secret, such as a passphrase, or biometric) used to authenticate a user.


"Demilitarized Zone." This refers to a separate network segment that is isolated from the internal network and is used to host servers and services that need to be publicly accessible.

Electronic Communications

Correspondence between 2 entities performed using a digital medium.

Elevated Privileges

Privileges that exceed those of a standard user for the purpose of performing maintenance or other administrative functions.

Encryption / Decryption

Encryption is rendering data unreadable by encipherment. Two-way encryption is paired with a key for decryption. One-way encryption is used for integrity monitoring in forms such as hashing.

Decryption is reversing encryption from enciphered data back into plain text.


Any computing device or equipment that is connected to a network and is capable of transmitting or receiving data. Endpoints can include desktop computers, laptops, smartphones, tablets, servers, printers, and other network-connected devices.


In incident management: The removal of an adverse event or unwanted software such as viruses and malware.


Physical components of computers. Examples include servers, laptops, workstations, hard drives, video cards, monitors, etc.


Measurement of how much an entity is affected by an event, both positive and negative.

Least Privilege

Security principle in which a user is given the minimum levels of access or permissions needed to perform their job.

Media (Physical or Digital)

Container in which data is stored. Digital media include virtual hard disks, cloud storage, etc. Physical media include paper, hard drives, DVDs, signage, printed materials, etc.


Risk treatment that involves the implementation of controls to reduce risk associated with a threat.

Mobile Device

Any electronic device that is non-stationary. Examples include mobile phones, smartphones, laptops, tablets, etc.


Security principle stating that a user shall only have access to the information that their job function requires, regardless of their security clearance level or other approvals.


Interconnection of computers facilitating digital communication.

Password / Passphrase

A factor of authentication consisting of a string of characters. Fulfills the “something you know” component of multifactor authentication (MFA).


A string of characters, usually digits. Similar to a password/passphrase. Fulfills the “something you know” component of multifactor authentication (MFA).


A set of instructions, data or programs used to operate computers and execute specific tasks, usually in the form of computer code.


Vulnerability management: To correct a vulnerability found on or in a system.


Physical, Digital, Personnel, or Time components of a project, program, or system.

IT Resources

Computer systems, software, hardware, and services, including their configurations and constituent components.

Security Awareness

Education and training on the appropriate measures to take to prevent adverse events or undesired behavior.

Separation of Duties

Security concept that splits the duties related to a function or process between multiple people to ensure accountability and integrity.


Code, either compiled or used with a framework, running on a computer.


Series of processes, personnel, or components of hardware and software working together towards a common goal. Also refers to a fully assembled computer or series of programs in a computer.


The process of ensuring a specification, system, process, or other item meets a set of defined requirements.

Vendor / Supplier

An external, 3rd-party entity that sells, manages, maintains, or otherwise provides services to the college.


Virtual Private Network: A method by which an entity gains access to network systems and resources by establishing an encrypted electronic connection with the campus network.


A weakness in processes, software, hardware or other system causing risk.


Data Center Coordinator (DCC)

Individuals responsible for securing Parkland College Data Centers.

Authorized Individuals

Individuals granted unescorted access to the Parkland College Data Centers.

Authorized Access

Access to a Parkland College Data Center that has been approved by the appropriate DCC.

Class BC Fire Extinguisher

A portable, regular dry chemical fire extinguisher that meets the requirements set forth by the U.S. Department of Labor Occupational Safety and Health Administration to handle a range of fires caused by Energized Electrical Equipment or flammable liquids, greases, or gases.

Parkland College Data Center

A facility, or portion of a facility, with the primary function to house data processing equipment in a fault-tolerant environment with the capability to undergo routine maintenance without affecting operation.

Conditioned Power

An electrical component intended to improve the quality of the power supplied to the Data Center Assets. Conditioned Power is provisioned through one or more UPS system(s) or a DC battery plant and is further supported by one or more standby diesel generators.

Data Center Asset

A component located within a Parkland College Data Center including, but not limited to, servers, blade systems, network devices, storage devices, racks, and rack power distribution units (“PDUs”).

Data Center Asset Inventory

An inventory that provides detailed information of the Data Center Assets located within a Parkland College Data Center and classifies the assets in accordance with business criticality. Each DCC may determine how to maintain a data center’s inventory, provided it offers the ability to add, assign, locate, and remove all assets within the DCC’s responsibility.

Energized Electrical Equipment

Electrical equipment such as computers, servers, motors, transformers, appliances, wiring, circuit breakers, and outlets connected to a power supply.

Enterprise Activities

The activities that support the academic, administrative, outreach, and research missions of Parkland College that are supported by Campus Technologies.

Mission Critical Services

Services essential to the academic, administrative, research, and outreach missions of Parkland College.

Unauthorized Access

Access to a Parkland College Data Center that has not been approved by the appropriate DCC.

Uninterruptible Power Supply (UPS)

A system that provides a continuous supply of power to a load, utilizing stored energy when the normal source of energy is not available or is of unacceptable quality. A UPS will provide power until the stored energy of the system has been depleted or an alternative or the normal source of power of acceptable quality becomes available.


A person with approved, escorted access to a Parkland College Data Center.

RACI Matrix Key / Legend

R - Responsible

Responsible for performing an action or process

A - Accountable

Accountable for the results of an action or process

C - Consulted

Consulted or providing advice or guidance on an action or process

I - Informed

Informed on the progress or results of an action or process



Security Incident Response Team


Distributed Denial of Service


Intrusion Detection System


Intrusion Prevention System


Advanced Persistent Threat






Article ID: 156049
Wed 5/31/23 5:26 PM
Wed 9/13/23 6:39 PM
