Glossary of Terms
This site constitutes a dynamically changing security protocol. This
is only the beginning of its possibilities. It is designed to
assist Indiana School Boards, Administrators, and Teachers to
implement safe data and information systems. As schools develop
policies and encounter changing technological systems, there will
be a need for amendments to this document. If school districts
would like to share documents that could be used on this site
as examples, we would welcome that. Suggestions, additions, comments,
or questions about this protocol should be directed to the webmaster
at <securityinfo@purdue.edu>.
Thank you.
A 
Access
To approach, instruct, communicate with, store data in, retrieve data
from, or otherwise make use of any resources of a computer, computer system
or computer network. [KS]
Adequate Security
Security commensurate with the risk and magnitude of the harm resulting
from the loss, misuse, or unauthorized access to or modification of information.
This includes assuring that systems and applications used by the agency
operate effectively and provide appropriate confidentiality, integrity,
and availability, through the use of cost-effective management, personnel,
operational, and technical controls.
Agency Confidential Data
Data which if disclosed to individuals other than those with a specific
"need to know" would result in substantial harm to the agency or the State.
Application
The use of information resources (information and information technology)
to satisfy a specific set of user requirements.
Architectural Security
Measures taken to guard against adverse occurrences to a structure of
networks, computers or programs.
Audit
An independent review and examination of system records and activities
in order to test for accuracy of system controls, to ensure compliance
with established policy and operational procedures and to detect breaches
in security.
Authentication
The process of verifying valid users or processes; the act of requiring
the 'person' requesting access to a network, LAN, or system to identify
themselves through one or more identification schemes. Screening only
makes decisions based on source and destination addresses. Authentication
makes decisions based on 'who' was at the source. Authentication can be
as simple as a computer ID and password or as complex as one time passwords,
challenge response passwords, or physical identification (retinal, voice,
image, etc.). [NIST Policy at 33, KS]
B 
C 
Computer
An electronic device which
performs work using programmed instruction and which has one or more of
the capabilities of storage, logic, arithmetic or communication and includes
all input, output, processing, storage, software or communication facilities
which are connected or related to such a device in a system or network.
[KS]
Computer Crime
(a) Willfully
and without authorization gaining or attempting to gain access to and
damaging, modifying, altering, destroying, copying, disclosing or taking
possession of a computer, computer system, computer network or any other
property;
(b)
Using a computer, computer system, computer network or any other property
for the purpose of devising or executing a scheme or artifice with the
intent to defraud or for the purpose of obtaining money, property, services
or any other thing of value by means of false or fraudulent pretense or
representation; or
(c) Willfully
exceeding the limits of authorization and damaging, modifying, altering,
destroying, copying, disclosing or taking possession of a computer, computer
system, computer network or any other property. [KS]
Computer Network
The interconnection of
communications lines, including microwave or other means of electronic
communication, with a computer through remote terminals, or a complex
consisting of two or more interconnected computers. [KS]
Computer Program
A series of instructions
or statements in a form acceptable to a computer which permits the functioning
of a computer system in a manner designed to provide appropriate products
from such computer system. [KS]
Computer Security Policy
The documentation of computer
security decisions. Managers face hard choices when making computer
security decisions. These choices involve organizational strategy,
competing objectives, resource allocation, protecting technical and information
resources and guiding employee behavior. [NIST policy]
Computer Software
Computer programs, procedures
and associated documentation concerned with the operation of a computer
system. [KS]
Computer System
A set of related
computer equipment or devices and computer software which may be connected
or unconnected. [KS]
Computerized Data
Data in a form suitable
for processing by computers.
Confidential Information
The most sensitive student
information that is intended strictly for use within the school.
This information is exempt from disclosure under the provisions of the
Freedom of Information Act or other applicable federal laws or regulations.
Its unauthorized disclosure could seriously and adversely impact the school,
its students and their parents, its teachers and administrators, and the
school board. Health care-related information should be considered
at least CONFIDENTIAL. [NIST]
Confidentiality
A person's obligation
not to disclose or transmit information to unauthorized parties.
Confidentiality extends to information about individuals and organizations.
"In schools, districts, or state education agencies, that usually means
establishing procedures that limit access to information about students
or their families. This access extends to the school officials who
work directly with the students, agency representatives who serve as evaluators
or auditors, or individuals who act on behalf of authorized education
officials." [Primer for Privacy, I-4]
Critical Data
Computerized data without
which normal business operations would be significantly disrupted or seriously
impaired. This includes vital records and data necessary for the
life, health, welfare, or safety of citizens.
D 
Data
Raw information
that lacks the context to be meaningful. When data is placed in a context,
it becomes information.
Data Custodians
Persons
responsible for storing, processing, distribution, and communicating computerized
data.
Data Users
Persons
who have access privileges to computerized data.
Dissemination
The school-initiated distribution of information to the public. Not considered
dissemination within the meaning of this Circular is distribution limited
to government employees or agency contractors or grantees, intra- or inter-agency
use or sharing of government information, and responses to requests for
agency records under the Freedom of Information Act (5 U.S.C. 552) or
Privacy Act.
Digital Certificate
An attachment to an electronic transmission that allows the recipient
to authenticate the identity of the sender via third party verification
from an independent certificate authority.
Digital Signature
A code attached to an electronic message that is used to verify that the
individual sending the message is really who he or she claims to be.
Directory Information
The part of the education
record which "includes personal information about a student that can be
made public according to a school system's student records policy.
Directory information may include a student's name, address, and telephone
number, and other information typically found in school yearbooks or athletic
programs." [Council of Chief State School Officers (written by Policy
Studies Associates, Inc.), printed by National Center for Education Statistics
for the National Forum on Education Statistics. (January, 1997)]
Disclosure
"[P]ermitting
access to, revealing, releasing, transferring, disseminating, or otherwise
communicating all or any part of any individual record orally, in writing,
or by electronic or any other means to any person or entity." [Primer
for Privacy I-4] The terms disclosure and release
may be used interchangeably.
E 
Educational Record
Includes
"a range of information about a student that is maintained in schools
in any recorded way, such as handwriting, print, computer media, video
or audio tape, film, microfilm, and microfiche . . . . Personal
notes made by teachers and other school officials that are not shared
with others are not considered education records. Additionally,
law enforcement records created and maintained by a school or district's
law enforcement unit are not education records." [Council of Chief
State School Officers (written by Policy Studies Associates, Inc.), printed
by National Center for Education Statistics for the National Forum on
Education Statistics. (January, 1997)]
Educational Records
Those
records that are directly related to a student and maintained by an educational
agency or institution or by a party acting for the agency or institution.
[34 CFR 99.3 identifies several types of records that are not educational
records.] [Young, IN]
Encryption
The process of translating a file into an unintelligible format, or to
encode it, via the use of mathematical algorithms or other encoding mechanisms.
To open the document, the recipient must have a matching key to decrypt
and read the message.
F 
Firewall
A computer
or other communications device used to control access to/from a network
or computer. The firewall shields a system from potential attacks by unauthorized
individuals. [KS]
G 
Government Information
Information
created, collected, processed, disseminated, or disposed of by or for
the State or Federal Government.
Government Publication
Information
which is published as an individual document at government expense, or
as required by law. (44 U.S.C. 1901)
Guidelines
[Written
statements designed] to assist users, systems personnel, and others in
effectively securing their systems. The nature of guidelines, however,
immediately recognizes that systems vary considerably and imposition of
standards is not always achievable, appropriate, or cost-effective. An
organization guideline may, for example, be used to help develop system-specific
standard procedures. Guidelines are often used to help ensure that specific
security measures are not overlooked, although they can be implemented,
and correctly so, in more than one way.
H 
I 
Information
Any
communication or representation of knowledge such as facts, data, or opinions
in any medium or form, including textual, numerical, graphic, cartographic,
narrative, or audiovisual forms. Raw data that has
taken on meaning by being placed in a context.
Information Dissemination Product
Any
book, paper, map, machine-readable material, audiovisual production, or
other documentary material, regardless of physical form or characteristic,
disseminated by an agency to the public.
Information Life Cycle
The
stages through which information passes, typically characterized as creation
or collection, processing, dissemination, use, storage, and disposition.
Information Management
The
planning, budgeting, manipulating, and controlling of information throughout
its life cycle.
Information Resources Management
The
process of managing information resources to accomplish agency missions.
The term encompasses both information itself and the related resources,
such as personnel, equipment, funds, and information technology.
Information System
A discrete
set of information resources organized for the collection, processing,
maintenance, transmission, and dissemination of information, in accordance
with defined procedures, whether automated or manual.
Information System Life Cycle
The
phases through which an information system passes, typically characterized
as initiation, development, operation, and termination.
Information Security Officer
A person
who is responsible for reviewing the implementation of state and departmental
policies and standards regarding the security of information pertaining
to his respective agency.
Information Technology
The
hardware and software operated by an agency or by a contractor of an agency
or other organization that processes information on behalf of the government
to accomplish a governmental function, regardless of the technology involved,
whether computers, telecommunications, or others. It includes automatic
data processing equipment [as defined in Section 111(a)(2) of the Federal
Property and Administrative Services Act of 1949].
Intellectual Property
The tangible or intangible results of research, development, teaching,
or other intellectual activity. This includes things such as original
written materials, software, trademarks, or product designs.
The Internet
"The international formal
Department of Defense data network formed during the late 60's and early
70's. This network interconnects millions of computers world-wide. The
protocol used on this network is strictly TCP/IP. There is a standardized
naming and addresses policy for any site connected to this network." [KS]
J 
K 
L 
M 
Major Application
An application
that requires special attention to security due to the risk and magnitude
of the harm resulting from the loss, misuse, or unauthorized access to
or modification of the information in the application. Note: All applications
require some level of protection. Certain applications, because of the
information in them, however, require special management oversight and
should be treated as major. Adequate security for other applications should
be provided by security of the systems in which they operate.
N 
Non-Records
All identical copies
of forms, records, reference books, and exhibit materials which are made,
or acquired, and preserved solely for reference use, exhibition purposes,
or publication and which are not included within the definition of a record.
[Young, IN]
Non-Repudiation
Proof of origin of data,
proof of original content, proof of delivery, and proof of original content
received. This ensures that a message or transaction was initiated
by the identified sender and received by the identified receiver.
It protects against later denying responsibility for involvement in a
communication. [Miller]
O 
Organizational Standards
These specify uniform
use of specific technologies, parameters, or procedures when such uniform
use will benefit an organization. Standardization of organization-wide
identification badges is a typical example, providing ease of employee
mobility and automation of entry/exit systems. Standards are normally
compulsory within an organization.
P 
Personal Records
"1.) All
documentary materials of a private or non-public character which do not
relate to or have an effect upon the carrying out of the constitutional,
statutory, or other official or ceremonial duties of a public official,
including: diaries, journals, or other personal notes serving as the functional
equivalent of a diary, or journal which are not prepared or utilized for,
or circulated or communicated in the course of, transacting government
business; or
2.) Materials
relating to private political associations, and having no relation to
or effect upon the carrying out of constitutional, statutory, or other
official or ceremonial duties of a public official and are not deemed
public records." [Young, IN]
Policy
Policy
is written at a broad level. Therefore, organizations also develop
standards, guidelines, and procedures which offer users, managers, and
others a clearer approach to implementing policy and meeting organizational
goals. Standards and guidelines specify technologies and methodologies
to be used to secure systems. Procedures are yet more detailed steps to
be followed to accomplish particular security-related tasks. Standards,
guidelines, and procedures may be disseminated throughout an organization
via handbooks, regulations, or manuals.
Privacy
"Privacy is a uniquely personal right that reflects an individual's freedom
from intrusion. Protecting privacy means ensuring that information
about individuals is not disclosed without their consent. A student's
right of privacy . . . [w]hile confidentiality . . . refers to restricting
disclosure of information to authorized individuals only, privacy refers
to protection from personal intrusion." [Primer for Privacy I-4]
Private Data
This
refers to data of a personal nature, which if disclosed to individuals
other than those with an authorized "need to know" would be seriously
detrimental to an individual or would be an invasion of a person's right
to privacy. This applies to information covered by federal or State privacy
laws and information ordered private by a court. Its unauthorized
disclosure could seriously and adversely impact the student and the school.
Procedures
These
normally assist in complying with applicable security policies, standards,
and guidelines. They are detailed steps to be followed by users, system
operations personnel, or others to accomplish a particular task (e.g.,
preparing new user accounts and assigning the appropriate privileges).
Property
This
includes, but is not limited to, financial instruments, information, electronically
produced or stored data, supporting documentation and computer software
in either machine or human readable form and any other tangible or intangible
item of value. [KS]
Protocol
A set
of conventions governing the treatment and especially the formatting of
data in an electronic communications system. (Webster's Ninth New College Edition)
Public Information
All
information that does not clearly fit into the sensitive, confidential
or private information classifications. While its unauthorized disclosure
is against policy, it is not expected to seriously or adversely impact
the school, its employees, and/or its students.
Q 
R 
Record
All
documentation of the informational, communicative or decision-making processes
of state government, its agencies and subdivisions made or received by
any agency of state government or its employees in connection with the
transaction of public business or government functions, which documentation
is created, received, retained, maintained, or filed by that agency or
its successors as evidence of its activities or because of the informational
value of the data in the documentation, and which is generated on: 1)
paper or paper substitutes; 2) photographic or chemically-based media;
3) magnetic or machine readable media; 4) any other materials, regardless
of form or characteristics. [Young, IN]
Records
All
books, papers, maps, photographs, machine-readable materials, or other
documentary materials, regardless of physical form or characteristics,
made or received by an agency of the government or in connection with
the transaction of public business and preserved or appropriate for preservation
by that agency or its legitimate successor as evidence of the organization,
functions, policies, decisions, procedures, operations, or other activities
of the government or because of the informational value of the data in
them. Extra copies of documents preserved only for convenience of
reference, and stocks of publications and of processed documents are not
included. (44 U.S.C. 3301)
Records Management
The
planning, controlling, directing, organizing, training, promoting, and
other managerial activities involved with respect to records creation,
records maintenance and use, and records disposition in order to achieve
adequate and proper documentation of the policies and transactions of
the Federal Government and effective and economical management of agency
operations. (44 U.S.C. 2901(2))
Retention Schedule
A set of instructions prescribing how long a record series shall be kept. [Young, IN]
Router
A communications
device that 'decides' which path or circuit collections of data (packets)
should be sent. Decisions are made based on what is the 'best' path to
send a packet to its destination address. Best can be determined by many
factors such as line speeds, cost of service (leased versus phone lines),
and other factors. [KS]
S 
Security Policy
A collection
of statements about the sensitivity of information on a system or LAN,
the requirements for how that data must be protected, and the actions
to be taken in the event the protection is violated. [KS]
Sensitive Information
Information
that requires special precautions to assure the integrity of the information,
by protecting it from unauthorized modification or deletion. It
is information that requires a higher than normal assurance of accuracy
and completeness. Examples of sensitive information include school
financial transactions and regulatory actions. [NIST, p.20]
Services
They
include, but are not limited to, computer time, data processing and storage
functions and other uses of a computer, computer system or computer network
to perform useful work. [KS]
Supporting Documentation
This
includes, but is not limited to, all documentation used in the construction,
classification, implementation, use or modification of computer software,
computer programs or data. [KS]
T 
Telnet
A TCP/IP application that
enables PC's to 'emulate' or mimic the function of a terminal across a
TCP/IP network (such as the Internet) for accessing a remote computer.
[KS]
U 
V 
W 
X 
Y 
Z 

Draft 5/12/00; modified 6/12/00. Updated 9/25/00.
Copyright © 1999 - 2000 Purdue Research Foundation, Inc. All Rights Reserved.