Information Technology and Resources - Glossary of Terms (Procedure 7.0001)

Based on board policy number and Florida Statutes:	F.S. 1001.64; 1001.65
Effective Date:	09/2015
Date of Review:	---

Purpose

The purpose of this procedure is to provide a glossary of terms related to College information technology and resources to ensure their consistent application and interpretation.

Procedure

1. Information Technology includes, but is not limited to, the following:
   • closed-circuit television
   • College website and web pages
   • computer systems
   • computers
   • data sets
   • distance learning materials and technology
   • e-mail and e-mail systems
   • Internet access
   • Enterprise servers
   • networks (wireless and wired access)
   • on-line courses
   • peripheral equipment (such as printers) and related hardware and software
   • storage devices (such as CD-ROMS and hard or soft drives)
   • support of any courses requiring IT services
   • workstations
2. The meaning of each of the terms listed here (in alphabetical order) should be interpreted as written regardless of the context in which it is presented (policies, procedures, discussion, announcements, etc.).
   1. Account - Refers to the computer access account, established for each person provided with access to the College's information technology systems.
   2. Contingent Worker/Person of Interest – Refers to an unpaid worker (i.e., can be a volunteer, an intern, or a person paid through a temporary employment agency), who is not classified as an employee but might need access to the College’s information systems to perform assigned tasks.
   3. Data
      1. Confidential data (also called restricted data)– such as: SSN, Grades, Financial aid data, etc., as stated in Data Classification, Security and Roles (Procedure 7.0500), is data protected by law or regulation whose improper use or disclosure could:
         1. Adversely affect the ability of the College to accomplish its mission
         2. Lead to possibility of identity theft by release of personally identifiable information of College constituents
         3. Put the College into a state of non-compliance with various state and federal regulations such as FERPA, HIPAA and GLBA
         4. Put the College into a state of non-compliance with contractual obligations
      2. Enterprise data – such as: data in PeopleSoft, Active Directory, etc., is centralized data shared by many employees of the College that is critical to the administration of the College.
      3. Restricted data (also called confidential data)– such as: SSN, Grades, Financial aid data, etc., as stated in Data Classification, Security and Roles (Procedure 7.0500), is data protected by law or regulation whose improper use or disclosure could:
         1. Adversely affect the ability of the College to accomplish its mission
         2. Lead to possibility of identity theft by release of personally identifiable information of College constituents
         3. Put the College into a state of non-compliance with various state and federal regulations such as FERPA, HIPAA and GLBA
         4. Put the College into a state of non-compliance with contractual obligations
      4. Sensitive data– By default, ALL INSTITUTIONAL DATA are classified as SENSITIVE:
         1. Data that Data Managers have decided NOT to publish or make public
         2. Data protected by contractual obligations.
         3. Purchasing data, Information covered by non-disclosure agreements … etc. as stated in Data Classification, Security and Roles (Procedure 7.0500)
   4. Data Leakage – The intentional or unintentional misuse of the College’s confidential sensitive data with the intended or unintended consequence of its release to non-authorized users.
   5. Device (also called Personally-Owned Devices or PODs) – Applies to any hardware and related software that is NOT owned or supplied by SSC, but could be used to access SSC resources. This includes devices that employees have acquired for personal use, but also wish to use in the business environment. It includes any personally-owned device capable of processing, storing, and sharing of SSC data and connecting to a network. Examples of such devices include but are not limited to; desktops, laptops, tablets, smart phones, handheld computers, or other removal media storage devices (i.e., USB drives, Optical drives … etc.).
   6. Email- The electronic transmission of information through a mail protocol such as SMTP or IMAP in our case is Microsoft Outlook.
      1. Chain email or letter - Email sent to successive people. Typically the body of the note has direction to send out multiple copies of the note and promises good luck or money if the direction is followed.
      2. Forwarded email - Email resent from an internal network to an outside point.
   7. Encryption – A procedure used to convert data from its original form to a format that is unreadable and/or unusable to anyone without the tools/information needed to reverse the encryption process.
   8. Locked - The information technology system account is considered locked when it is no longer available to the user in any capacity.
   9. Malware– Malicious software typically used as a catch-all term to refer to any software that causes damage to a computer, server, or computer network. The most common types of malware are: viruses, worms, Trojan-horses and spyware
      1. Backdoor - A malware type that bypasses the College’s computer authentication systems, potentially impacting all computer systems (e.g., desktops, laptops, tablets, servers, etc.).
      2. Botnet - A malware that is installed on a PC and remotely controlled by the botnet owner to commit cybercrimes.
      3. Rootkit – Stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.
      4. Spyware - A program that secretly monitors your online activity and sends the data back to the programmer.
      5. Trojan-horses - An apparently useful and innocent application containing a hidden malicious program.
      6. Virus - Self-replicating malware requiring a host file that depends on human action to spread it.
      7. Virus Hoax – Email containing warnings about virus or malware typically with the intent to mislead users.
      8. Worm - Self-contained malware, needing no host file, which spreads automatically through networks.
   10. Personal Activities– Activities including but not limited to:
       1. Using College email, Internet, or other technology for personal endeavors involving social networking, blogs, personal banking accounts, cell phone operators, gaming, online gambling, social media non-work related websites, etc.
       2. Using College email to send a message that is unrelated to work to contact current or former employees, vendors, agents, or partners.
       3. Using College email to send or forward massive e-mails to public email systems, such as: Gmail, Yahoo, and Hotmail.
       4. Using College systems for instant messaging that is unrelated to work to contact current or former employees, vendors, agents or partners.
       5. Downloading massive non-work related copyrighted materials; software, documents, music, photos, videos, etc. to College information systems or equipment.
   11. Phishing– An attempt to acquire information such as usernames, passwords, money, and credit card information by masquerading as a trustworthy entity in an electronic communication.
       1. Phishing website – An attempt to acquire information (such as usernames, passwords, and credit card details) by masquerading as a trustworthy entity in an electronic communication. Phishing websites usually have a name close to the real website name and look like the original website.
   12. Professional Purposes – Work-related activity that is NOT personal activity.
   13. Proxy Website (or site) – Generally used to describe a Website that allows you to surf the Internet anonymously or allows you to unblock a Website.
   14. Removable Media – Devices or media readable and/or writable by the end user and able to be moved from computer to computer without modification to the computer. This includes flash memory devices (such as thumb drives, SD cards, cameras, MP3 players and PDAs); removable hard drives (including hard drive-based MP3 players); optical disks (such as CD and DVD disks; floppy disks and software disks).
   15. Roles
       1. Employee Roles - Refers to the computer access provided to employees in order for them to accomplish their duties and responsibilities.
       2. Instructor Roles - Refers to the computer access provided to employees who teach students.
       3. Student Roles - Refers to the computer access available to students of the College. Employees who are students of the College are provided with student roles in addition to any employee roles they might be provided in order to accomplish their duties and responsibilities.
   16. Row Level Security – Specifies the data that a particular user is permitted to access.
   17. Sensitive information - Sensitive information is information/data that must be protected from unauthorized access to safeguard the privacy or security of an individual or the College. Protection of sensitive information may be required for legal or ethical reasons. Please refer to Procedure 7.0500 Data Classification, Security and Roles to identify the sensitivity of information.
   18. Social Media- Media designed to be disseminated through social interaction using highly accessible and scalable publishing techniques. Social media uses Internet and web-based technologies to transform how people communicate with one another and receive news, information and entertainment. Types of social media include networks such as Facebook and YouTube but also include blogs and podcasts.
       1. Social Media Accounts - Accounts or profiles created in social media outlets such as Facebook, Twitter, YouTube, Flickr and LinkedIn.
       2. Social Media Poster or User - A person submitting content to any social media site that is officially recognized by Seminole State College of Florida.
   19. Spam – Commonly known as junk email or unsolicited bulk email.
   20. Threat Mitigation – The use of preventative measures to protect the integrity of the College’s computer systems.
   21. Unauthorized Disclosure - The intentional or unintentional revealing of restricted information to internal and external constituents unauthorized to receive that information that information. Please refer to Procedure 7.0500 Data Classification, Security and Roles to identify the sensitivity of information.
   22. Users – All employees who have access to College Information Technology resources via a College-assigned Userid and Password.

Recommended by	Executive Team	Date:	09/22/2015
Approved	President, E. Ann McGee	Date:	09/28/2015