Definitions
The following terms are used in IT Security, but this is by no means a definitive list:
Availability
Access to information at agreed times.
Confidentiality
The restriction of information to those persons who are authorised to receive it.
Control
Means of managing risk, including policies, procedures and guidelines.
Data controller
A person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Data subject
An individual who is the subject of personal data.
Information
Information in all its forms; data stored on or transmitted by computer systems; and material that can be stored and distributed as audio, video, or other media.
Information Security
Protection of information to ensure business continuity and to provide appropriate levels of confidentiality, integrity and availability.
Information Security Incident
An actual or suspected event or series of events that could threaten the confidentiality, integrity and availability of information; or that put at risk the security of IT infrastructure and systems.
Information System
A set of software, databases and procedures organised to store and provide information that supports the operations and business of the University.
Integrity
The completeness and preservation of information in its original and intended form unless amended or deleted by authorised people or processes.
ISE
Information Strategy Executive. Has responsibility for monitoring the effectiveness of the University's IT Security.
IT Systems
Hardware, software, databases, communications facilities and procedures organised to capture and process, and to provide, protect and store information.
JANET
Joint Academic Network.
JANET-CERT
JANET Computer Emergency Response Team.
Key Information
Information that is critical to the functioning of the University, or sensitive, or which the University is obliged by law to maintain.
Personal data
Data which relate to a living individual who can be identified from those data, or those data and other information which is in the possession of, or is likely to come into the possession of, the data controller.
Strong password
A strong password is sufficiently long, random, or otherwise producible only by the user who chose it, that successfully guessing it will require too long a time. Strong passwords typically contain upper and lower case letters, and a mix of alphabetic characters, digits, and special characters.
Supporting Policies
Documents that define specific detailed requirements in support of the Information Security Policy.
System owner
A member of staff who is the primary contact for an information system, and who is responsible for the security of information held in it. System owners are identified in the IT Systems Catalogue.
The University
Sheffield Hallam University.
Third Party
An individual or organisation contracted to work for or on behalf of the University either from University premises or remotely, who requires access to University IT systems or information systems.
Conventions
In the IT Security and supporting regulations and procedures, auxiliary verbs have been used consistently with these meanings:
shall
indicates a requirement of the Policy.
should
indicates a recommendation.
may
indicates permissibility.
might
indicates possibility or probability.