Glossary of Terms
This document contains definitions for terms that are used throughout the Clemson University (hereinafter, the “University”) Information Security policies and procedures.
| Acceptable Use | An individual’s permitted activities while utilizing IT Resources of the University in accordance with the policies and procedures, and applicable state and federal laws. |
|---|---|
| Affiliate | An individual in a non-paid relationship with any department, school or college who requires access to university systems such as email. (Examples: Campus ministers, emeritus faculty, visiting scholars and volunteers.) |
| Chief Information Officer (“CIO”) | Senior-level employee with overall responsibility for the University’s IT Resources. |
| Chief Information Security Officer (“CISO”) | Senior-level employee with delegated responsibility for securing the University’s IT Resources. |
| Clemson Computing and Information Technology (“CCIT”) | Department of the University that manages and administers the IT Resources of the Univesity. |
| Computer Network | The means through which Data and Information is transferred between IT Resources and Information Systems. This includes Employee wired/wireless access, guest wired/wireless access, virtual private network (“VPN”), and local network connections. |
| Computing Device | General term that includes computer desktops, laptops, tablets, smartphones, and other specialized IT equipment. |
| Cyber Security | The ability to protect electronic IT Resources that are accessible via internal University networks or the internet. |
| Cyberspace | Virtual computer world (e.g., the Internet) used to facilitate online global communications. |
| Compensating Control | Mechanism put in place to satisfy a security measure that may be impractical to implement for a system or process. |
| Department | Operating unit of the University, which include colleges, schools, research, business, or service centers. |
| Data | Individual facts, statistics, or source information stored for reference or analysis . |
| Data Trustee | Executive leaders responsible for Data policies that promote the quality, access, inventory, definition, security, and Acceptable Use of Data across the University. |
| Employee | Any person in a non-student position at Clemson University who receives compensation from the University and where the University has the right to control and direct how the work is performed. |
| Endpoint | Any device that connects to the Clemson network, and includes any desktop or laptop purchased by Clemson and issued to a user. |
| Information | Data that is processed, organized, and structured. It provides context for the Data and enables decision making. |
| Information Security | The protection of IT Resources from unauthorized access, use, disclosure, disruption, modification, or destruction, with the goal of providing confidentiality, integrity, and availability. |
| Information Security Incident | An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an Information System or the Information the Information System processes, stores, or transmits or that constitutes a violation or imminent threat of violation of Information Security policies, Information Security procedures, or Acceptable Use policies. |
| Information System | An integrated set of components, such as hardware and software, for collecting, storing, and processing Data and thereby providing Information. |
| Information System Owner | Any person that is responsible for Information Security and overall operations of a specific University Information System. |
| Information Technology (“IT”) | The use of Computing Devices and Computer Networks to create, process, store, retrieve and exchange electronic Data and Information. |
| IT Consultant | Person(s) responsible for the support of Information Systems and services. Responsibilities include, but are not limited to, the implementation, configuration, maintenance, and decommissioning of Information Systems and services. |
| IT Credentials | The combination of a User Account and password that controls access to Data, Information, Computing Devices, Computer Networks, or Information Systems. Two-factor controls are also a part of IT Credentials. |
| IT Resources | Includes Computer Networks, Computing Devices, and Information Systems used to store, process, or transmit Information and/ or Data, and additionally includes all such Information and Data. |
| Office of Information Security (“OIS”) | The University’s Information Security office that is responsible for coordinating the development and dissemination of Information Security policies, standards, and guidelines. |
| Principle of Least Privilege | Concept that User Accounts are granted as few privileges as possible to IT Resources, and that access is based on roles and responsibilities. |
| User | Individuals with electronic access to the University’s IT Resources. This includes employees, students, visitors, contractors, and others granted access to the IT Resources. |
| User Account | An identity created for a User in a Computing Device for accessing IT Resources. Accounts contain a unique username or login ID and require a password or other IT Credentials to successfully authenticate. |
