Information Security Definition of Terms

Purpose

This standard provides common definitions for terms used in the information security policies, standards, procedures and guidelines at the University of Florida.

Definitions

Data Custodian
Professional IT workers who provide technical facilities and support services to Data Owners and Data Users. Data Custodians implement security controls to protect data.
Data Owner
Unit administrators (Deans, Directors and Department Chairs, also called DDD) ultimately responsible for the use and protection of university data used within their scope of authority. Data Owners establish acceptable levels of risk to university data, assign Data Custodians and provide them the resources necessary to maintain data within acceptable risk levels, and establish criteria for authorization of Data Users.
Data User
Anyone authorized to access, create or alter university data.
Mobile Computing Devices
Small devices intended primarily for the access to or processing of data, which can be easily carried by a single person and provide persistent storage. New products with these characteristics appear frequently. Current examples include, but are not limited to, the following types of products:

  • Laptop, notebook, netbook and similar portable personal computers
  • Smartphones and PDAs (Android, Blackberry, iPhone, and others)
Mobile Storage Devices
Media that can be easily carried by a single person and provide persistent storage. New products with these characteristics appear frequently. Current examples include, but are not limited to, the following types of products:

  • Magnetic storage devices (diskettes, tapes, USB hard drives
  • Optical storage devices (CDs, DVDs, magneto-optical disks)
  • Memory storage devices (SD cards, thumb drives, etc
  • Portable devices that make nonvolatile storage available for user files (cameras, MP3 and other music players, audio recorders, smart watches, cell phones)
Restricted Data
Data in any format collected, developed, maintained or managed by or on behalf of the University, or within the scope of University activities, that are subject to specific protections under federal or state law or regulations or under applicable contracts. Examples include, but are not limited to medical records, social security numbers, credit card numbers, Florida driver licenses, non-directory student records, research protocols and export controlled technical data.
Unit
Any subdivision of the university independently responsible for complying with information security policies and standards; typically a college, department or institute.
University of Florida
The colleges, institutes, centers and administrative units that make up the University, along with Direct Support Organizations whose sole purpose is to provide services to or on behalf of the University.
University of Florida Constituency
Faculty, staff, students, health care providers, contractors and other persons whose conduct, in the performance of work at a University of Florida department, require access to University of Florida data.
University of Florida IT Support Team
A unit of IT professionals within the University of Florida that provides technical deployment and support activities for a sub-set of University of Florida users.