Information Security Definition of Terms
This standard provides common definitions for terms used in the information security policies, standards, procedures and guidelines at the University of Florida.
- Data Custodian
- Professional IT workers who provide technical facilities and support services to Data Owners and Data Users. Data Custodians implement security controls to protect data.
- Data Owner
- Unit administrators (Deans, Directors and Department Chairs, also called DDD) ultimately responsible for the use and protection of university data used within their scope of authority. Data Owners establish acceptable levels of risk to university data, assign Data Custodians and provide them the resources necessary to maintain data within acceptable risk levels, and establish criteria for authorization of Data Users.
- Data User
- Anyone authorized to access, create or alter university data.
- Mobile Computing Devices
- Small devices intended primarily for the access to or processing of data, which can be easily carried by a single person and provide persistent storage. New products with these characteristics appear frequently. Current examples include, but are not limited to, the following types of products:
- Laptop, notebook, netbook and similar portable personal computers
- Smartphones and PDAs (Android, Blackberry, iPhone, and others)
- Mobile Storage Devices
- Media that can be easily carried by a single person and provide persistent storage. New products with these characteristics appear frequently. Current examples include, but are not limited to, the following types of products:
- Magnetic storage devices (diskettes, tapes, USB hard drives
- Optical storage devices (CDs, DVDs, magneto-optical disks)
- Memory storage devices (SD cards, thumb drives, etc
- Portable devices that make nonvolatile storage available for user files (cameras, MP3 and other music players, audio recorders, smart watches, cell phones)
- Restricted Data
- Data in any format collected, developed, maintained or managed by or on behalf of the University, or within the scope of University activities, that are subject to specific protections under federal or state law or regulations or under applicable contracts. Examples include, but are not limited to medical records, social security numbers, credit card numbers, Florida driver licenses, non-directory student records, research protocols and export controlled technical data.
- Any subdivision of the university independently responsible for complying with information security policies and standards; typically a college, department or institute.
- University of Florida
- The colleges, institutes, centers and administrative units that make up the University, along with Direct Support Organizations whose sole purpose is to provide services to or on behalf of the University.
- University of Florida Constituency
- Faculty, staff, students, health care providers, contractors and other persons whose conduct, in the performance of work at a University of Florida department, require access to University of Florida data.
- University of Florida IT Support Team
- A unit of IT professionals within the University of Florida that provides technical deployment and support activities for a sub-set of University of Florida users.