Asset custodian means an individual, group or external provider to whom responsibility for the information security of an information asset is delegated by the Asset owner. Asset custodian will commonly be a Service Owner but may also be the owner of a non-technical business service or process. Show Asset owner means an individual who holds accountability for an information asset. An asset owner is the owner of specific data elements, wherever the data resides. An asset owner may delegate operational responsibility to many asset custodians. Availability refers to ensuring that authorized parties are able to access the information when needed. Information only has value if the right people can access it at the right times. Central facilities means the data networks owned or operated by the University for which the Executive Director, Business Services and Chief Technology Officer is responsible and includes all associated computing and network facilities but does not include any local facilities. Computing and network facilities includes computers, computer systems, data network infrastructure, dial‐in network access facilities, email and other communications and information facilities together with associated equipment, software, files, and data storage and retrieval facilities, all of which are owned or operated by the University and form part of the central facilities or the local facilities. Confidentiality is the property, that information is not made available or disclosed to unauthorised individuals, entities, or processes. Defence in depth means the practice of layering information asset defences to provide added protection. External provider means an external entity which provides an information system to the University or a service that involves the handling or processing of information assets. Generic user account means an account that does not have a named owner or does not belong to any one individual. Information asset means recorded information in any format. Information security means the preservation of confidentiality, integrity and availability of information assets, and may also include other properties such as authenticity, accountability, non-repudiation and reliability of information assets. Information Security Management Framework (ISMF) governs the processes and responsibilities comprising the overall information security framework. It is supported by a suite of policies, processes and metrics which apply to all information assets accessed by employees, students, contractors, agents and third parties. Information security program means the operations, initiatives and activities that are undertaken to ensure the confidentiality, integrity, availability and accountability of the University’s information assets. Information system means hardware, software, devices, networks, media and other resources that store, process or transmit information assets, whether individually or in combination. Integrity means that information assets, facilities and services are what they are reasonably represented as. They are protected from tampering which would make their content or functionality other than what would be reasonably expected. Least privilege means that entities (whether these are people, processes, or devices) must be assigned the fewest privileges consistent with their assigned duties and functions. Under this approach, zero access is the default access level, and access is added or opened as required, but no more than the minimum access levels necessary to perform required functions or tasks. Line manager means the direct manager in a division who is responsible for the management of employees. Local facility means a network of interconnected computers and equipment operated by a particular faculty, department or other organisational unit of the University and for which the Executive Director, Business Services and Chief Technology Officer is not responsible, whether or not that network is also connected to the central facilities. This includes all associated computing and network facilities. Non-compliance means any action or inaction that is contrary to this policy and its related processes or standards. Privileged user means a user with a high level of access to data (with the power to read, update, delete) and is able to perform functions over and above those that can be completed by the majority of users. Provider means the University division or third-party provider which provides and manages any part of the facilities. Segregation of duties means the controls that support the separation of incompatible duties and/or responsibilities. Segregation of duties helps to ensure that individuals are not able to: (a) conceal errors and/or irregularities; (b) cause the inaccurate or incomplete reporting of financial information; and (c) commit fraud, theft or other illegal acts. Service owner means an individual who has been allocated responsibility for an information system (such as an. application, device, network, cloud service, or a specific component thereof). There is only one service owner for each information system. A service owner will commonly be delegated asset custodian responsibilities by several asset owners. Significant assets means information assets that support the efficient and effective operation of key business processes. Significant assets can be identified by undertaking an assessment in accordance with the University’s Risk Management Policy to determine if the information has value to the University. Student has the meaning given to it in Part 8, Division 1 – Student Misconduct – of the Academic Board Regulation. Use means any act or omission by a user which affects in any way the operation of an information system. User(s) means any person who uses, or may impact the security of, university information assets whose activity the University may reasonably expect to able to exert authority. This includes, but is not limited to staff, students, officers, third parties and other agents. Is the property that information is not made available or disclosed to unauthorized individuals entities or processes?Confidentiality. In information security, confidentiality "is the property, that information is not made available or disclosed to unauthorized individuals, entities, or processes. " While similar to "privacy," the two words are not interchangeable.
What is the definition of confidentiality information security?“Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.”
What are the 3 components of information security?When we discuss data and information, we must consider the CIA triad. The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security.
What is integrity in information security?Integrity means that data or information in your system is maintained so that it is not modified or deleted by unauthorized parties. This is an important element of data hygiene, reliability and accuracy.
|
