Wiki

User Tools

Site Tools

Trace:
policies:information_resources_use_and_security_policy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
policies:information_resources_use_and_security_policy [2016/07/14 20:48] peterpolicies:information_resources_use_and_security_policy [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 116: Line 116:
 **Information Resources Custodian (Custodian)** - an individual, department, Institution, or third-party service provider responsible for supporting and implementing Information Resources Owner defined controls to Information Resources.  Custodians include Information Security Administrators, institutional information technology/systems departments, vendors, and any third-party acting as an agent of or otherwise on behalf of an Institution. **Information Resources Custodian (Custodian)** - an individual, department, Institution, or third-party service provider responsible for supporting and implementing Information Resources Owner defined controls to Information Resources.  Custodians include Information Security Administrators, institutional information technology/systems departments, vendors, and any third-party acting as an agent of or otherwise on behalf of an Institution.
  
-**Information Resources Manager (IR**M) - the executive responsible for Information Resources across the whole of the institution.+**Information Resources Manager (IRM)** - the executive responsible for Information Resources across the whole of the institution.
  
 **Information Resources Owner (Owner)** - the manager or agent responsible for the business function that is supported by the Information Resource or the individual upon whom responsibility rests for carrying out the program that uses the resources.  The Owner is responsible for establishing the controls that provide the security and authorizing access to the Information Resource.  The Owner of a collection of information is the person responsible for the business results of that system or the business use of the information.  Where appropriate, ownership may be shared.  Note: In the context of this Information Security Policy and Standards, Owner is a role that has security responsibilities assigned to it by System policy.   It does not imply legal ownership of an Information Resource.   All Information Resources are legally owned by the System. **Information Resources Owner (Owner)** - the manager or agent responsible for the business function that is supported by the Information Resource or the individual upon whom responsibility rests for carrying out the program that uses the resources.  The Owner is responsible for establishing the controls that provide the security and authorizing access to the Information Resource.  The Owner of a collection of information is the person responsible for the business results of that system or the business use of the information.  Where appropriate, ownership may be shared.  Note: In the context of this Information Security Policy and Standards, Owner is a role that has security responsibilities assigned to it by System policy.   It does not imply legal ownership of an Information Resource.   All Information Resources are legally owned by the System.
Line 124: Line 124:
 **Information Security Program** - the Policies, Standards, Procedures, Guidelines, elements, structure, strategies, objectives, plans, metrics, reports, resources, and services adopted for the purpose of securing System Information Resources. **Information Security Program** - the Policies, Standards, Procedures, Guidelines, elements, structure, strategies, objectives, plans, metrics, reports, resources, and services adopted for the purpose of securing System Information Resources.
  
-**Information System - an interconnected set of Information Resources under the same direct management control that shares common functionality.  An Information System normally includes hardware, software, Network Infrastructure, information, data, applications, communications, and people.+**Information System** - an interconnected set of Information Resources under the same direct management control that shares common functionality.  An Information System normally includes hardware, software, Network Infrastructure, information, data, applications, communications, and people.
  
 **Information Technology (IT)** - the hardware, software, services, supplies, personnel, facilities, maintenance, and training used for the processing of Data and telecommunications. **Information Technology (IT)** - the hardware, software, services, supplies, personnel, facilities, maintenance, and training used for the processing of Data and telecommunications.
Line 224: Line 224:
 **System Administration** - the central administrative offices that provide oversight and coordination of the activities of the System and its Institutions. **System Administration** - the central administrative offices that provide oversight and coordination of the activities of the System and its Institutions.
  
-System Data (Data) - All Data or Information held on behalf of the System and its Institutions created as a result of and/or in support of the System business, or residing on System Information Resources, including paper records.+**System Data (Data)** - All Data or Information held on behalf of the System and its Institutions created as a result of and/or in support of the System business, or residing on System Information Resources, including paper records.
  
 **System Shared Data Centre** - any data centre governed by the Shared Data Centre group on behalf of the System. **System Shared Data Centre** - any data centre governed by the Shared Data Centre group on behalf of the System.
  
-**Systemwide Information Security Program** – the System policies, standards, procedures, elements, structure, strategies, objectives, plans, metrics, reports, resources, and services that establish requirements and provide for oversight and supplemental support for Institutional Information Security Programs.+**System-wide Information Security Program** – the System policies, standards, procedures, elements, structure, strategies, objectives, plans, metrics, reports, resources, and services that establish requirements and provide for oversight and supplemental support for Institutional Information Security Programs.
  
 **User** - an individual, automated application, or process that is authorized by the Owner to access the resource, in accordance with loca and country law, policy, and the Owner's procedures and rules.  Has the responsibility to (1) use the resource only for the purpose specified by the Owner, (2) comply with controls established by the Owner, and (3) prevent the unauthorized disclosure of Confidential Data.  The user is any person who has been authorized by the Owner of the information to read, enter, or update that information.  The User is the single most effective control for providing adequate security. **User** - an individual, automated application, or process that is authorized by the Owner to access the resource, in accordance with loca and country law, policy, and the Owner's procedures and rules.  Has the responsibility to (1) use the resource only for the purpose specified by the Owner, (2) comply with controls established by the Owner, and (3) prevent the unauthorized disclosure of Confidential Data.  The user is any person who has been authorized by the Owner of the information to read, enter, or update that information.  The User is the single most effective control for providing adequate security.
policies/information_resources_use_and_security_policy.1468529334.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki