Computer Use/Electronic Information: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 201: | Line 201: | ||
'''Denial of service''' is an event in which a user or organization is deprived of resource services that they would normally expect to have.<br /> | '''Denial of service''' is an event in which a user or organization is deprived of resource services that they would normally expect to have.<br /> | ||
<br /> | <br /> | ||
'''Information''' is data presented in readily comprehensible form. (Whether a specific message is informative or not depends in part on the subjective perceptions of the person who receives it.) Information may be stored or transmitted via electronic media on paper or other tangible media, or be known by individuals or groups. Information generated in the course of University operations is a valuable asset of the University and property of the University. | '''Information''' is data presented in readily comprehensible form. (Whether a specific message is informative or not depends in part on the subjective perceptions of the person who receives it.) Information may be stored or transmitted via electronic media on paper or other tangible media, or be known by individuals or groups. Information generated in the course of University operations is a valuable asset of the University and property of the University.<br /> | ||
< | |||
<br /> | <br /> | ||
'''Information custodians''' are people responsible for specifying the security properties associated with the information systems their organization possesses. This includes the categories of information that users are allowed to read and update. The information custodian is also responsible for classifying data and participating in ensuring the technical and procedural mechanisms implemented are sufficient to secure the data based upon a risk analysis that considers the probability of compromise and its potential business impact.<br /> | |||
<br /> | <br /> | ||
'''Information security''' is defined as the ability to control access and protect information from accidental or intentional disclosure to unauthorized persons and from alteration, destruction or loss.<br /> | |||
<br /> | <br /> | ||
'''Information systems''' are an interconnected set of informational resources under the same direct management control that shares common functionality.<br /> | |||
<br /> | <br /> | ||
<br /> | <br /> | ||
Information technology resources (system) include but are not limited to voice, video, data and network facilities and services.<br /> | |||
<br /> | <br /> | ||
'''Information Technology Support Personnel''' are the individuals who as a function of their job provides IT support. This includes ITS support staff, departmental system administrators and IT support staff within the units.<br /> | |||
<br /> | <br /> | ||
'''Personal accounts''' allow an individual user to logon to specific applications or systems using personal or unique ID and password.<br /> | |||
<br /> | <br /> | ||
'''Privacy''' is defined as the right of individuals to keep information about themselves from being disclosed.<br /> | |||
<br /> | <br /> | ||
'''Proprietary information''' refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records, and student records. (See UNMC Policy No. 6045, [[Privacy/Confidentiality|Privacy, Confidentiality and Information Security Policy]] for more detailed information.)<br /> | |||
<br /> | <br /> | ||
'''Protected Health Information (PHI)'''is individually identifiable health information. Health information means any information, whether oral or recorded in any medium, that: | |||
#is created or received by UNMC; and | |||
#Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. | |||
Records containing PHI, in any form, are the property of UNMC. The PHI contained in the record is the property of the individual who is the subject of the record.<br /> | |||
<br /> | <br /> | ||
'''Shared accounts''' (i.e., generic or general accounts) allow multiple users to logon to the information technology resources using the same ID and password.<br /> | |||
<br /> | <br /> | ||
'''Shared file''' is a collection of electronic PHI maintain on personal or departmental computers. This would include spreadsheets, databases, correspondence, quality improvement and research data files.<br /> | |||
<br /> | <br /> | ||
'''Social engineering''' describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.<br /> | |||
<br /> | <br /> | ||
'''Strong authentication method''' is a layer of security which requires a token or biometric authentication. This represents two factor authentication involving something you know (i.e. user id) and something you have (i.e., Secured card).<br /> | |||
<br /> | <br /> | ||
'''System administrators''' are the people responsible for configuring, administering, and maintaining hardware and operating systems.<br /> | |||
<br /> | <br /> | ||
'''Workforce''' refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.<br /> | |||
<br /> | <br /> | ||
Reference: [http://www.ucop.edu/information-technology-services/ University of CA Guidelines], January 28, 2004 | |||
==Additional information== | ==Additional information== | ||
* | *[http://www.unmc.edu/its/information_security.htm Information Technology Services]<br /> | ||
*Executive Memorandum No. 16, [http://nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Policy for Responsible Use of Information Resources] | *Executive Memorandum No. 16, [http://nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Policy for Responsible Use of Information Resources] | ||
*UNMC Policy No. 6036, [[Reproducing_Copyrighted_Materials|Reproduction of Copyrighted Materials]] | *UNMC Policy No. 6036, [[Reproducing_Copyrighted_Materials|Reproduction of Copyrighted Materials]] | ||
*UNMC Policy No. 6045, [[Privacy/Confidentiality|Privacy, Confidentiality and Information Security Policy]] | |||
*UNMC Policy No. 6057, [[Protected Health Information (PHI)|Use and Disclosure of Protected Health Information]]). | *UNMC Policy No. 6057, [[Protected Health Information (PHI)|Use and Disclosure of Protected Health Information]]). | ||
*UNMC Policy No. 6065, [[Fax Transmissions|Facsimile Transmissions]]). | *UNMC Policy No. 6065, [[Fax Transmissions|Facsimile Transmissions]]). |