世界杯压球 |定义|网络安全控制标准目录|信息安全办公室|信息技术|德克萨斯A&M大学科珀斯克里斯蒂分校

以下定义适用于本文件。《德州行政法典202.1信息安全适用条款与技术》也可用于提供额外指导。

账户 – information resource users are typically assigned logon credentials that include, at the minimum, a unique user name, and password.
帐户凭据 refers to an account’s logon ID and any items used to authenticate that logon ID, such as a password or certificate.
账户管理 指与帐户生命周期相关的所有活动，例如，帐户创建、帐户持续维护和帐户停用/删除。
管理帐户 – an access account that grants the user significantly elevated privileges above that granted to a typical user.
管理用户 – a user who possesses an administrative account.
异常活动 – workstation, server, or network work activity that is unusual or out of the ordinary and may be the indicator of malware or malicious user activity.
身份验证机制 – account names and passwords, security access cards, tokens, and keys associated with mechanisms that permit access to facilities, information resources, or data.
业务连续性 – the availability of critical resources and the continuity of operations to facilitate the effective operation of university business-related activities.
改变 –
- 任何新功能的实现，
- 任何服务中断；
- 对现有功能的任何修复
- 对现有功能的任何删除。
机密信息 – Information that is exempted from disclosure requirements under the provisions of the Texas Public Information Act or other applicable state or federal laws. 大多数学生档案都是保密档案。
承包商 – any company, and its employees, not affiliated with Texas A&M University-Corpus Christi, which provides a service to the university.
托管人 – A person (or department) providing operational support for an information system and having responsibility for implementing owner-defined controls and access privileges.
外部媒体存储设备 – any external device that is capable of storing electronic data. 外部媒体存储设备的例子包括但不限于：USB驱动器，闪存媒体，软盘，CD/DVD-ROM，外部硬盘驱动器，MP3播放器，iPods，移动电话，相机等。
文件所有者 – Holder (assignee) of the computer account which controls a file. 不一定是财产意义上的所有者。
国内流离失所者 表示身份提供者，即存储帐户凭据并根据这些凭据提供用户身份验证的任何服务。 Examples of University 国内流离失所者s include Active 目录, Open LDAP, and 横幅’s user account database.
国内流离失所者托管人 是管理国内流离失所者的人，因此不仅管理存储的身份，还管理创建、修改、禁用或删除身份的过程。
内部网 – the university’s network that is used to interconnect the university’s information resources and, when permitted, allow the connection of those resources to the 互联网.
互联网 – a worldwide, publicly accessible network of interconnected computer networks.
事件应变计划 – an organized approach to addressing and managing situations involving information resources and 敏感信息 in a manner that limits damage and reduces recovery time and costs.
信息资源 – The procedures, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.
信息资源设施 – the physical locations (rooms, closets, crawlways, cable conduit, etc) that house the supporting infrastructure and physical information resources used to manage 敏感信息.
恶意软件 – 软件 that is designed to operate in a manner that is inconsistent with the intentions of the user and which typically results in annoyance or damage to the user's information systems. 这类软件的例子包括：
- 病毒附加到主机程序上的代码片段，并在受感染程序执行时传播。
- 蠕虫：专门针对联网的计算机，进行跨网络的预编程攻击。
- 特洛伊木马：将恶意代码隐藏在看似有用的宿主程序中。
- 攻击脚本：这些漏洞可能是用Java或ActiveX等通用语言编写的，以利用程序中的弱点；通常用于跨网络平台。
- 间谍软件：安装在系统上的软件，用来捕获信息并向系统外的人透露信息。它可以在输入密码时捕捉击键、读取和跟踪电子邮件、记录访问过的网站、传递信用卡号码等等。它可以通过特洛伊木马或病毒植入，作为下载和执行的免费软件或共享软件程序的一部分安装，由雇主安装以跟踪计算机使用情况，甚至由广告公司植入以协助向用户提供目标广告。
关键任务信息 – Information that is defined by Texas A&M University-Corpus Christi or any division thereof (department, etc.), to be essential to their function(s) and would cause severe detrimental impact if the data/system were lost and unable to be restored in a timely fashion.
关键任务服务 – a service or information resource that is defined by the university or information resource owner to be essential to the continued performance of the mission of the university or department. 这种服务或信息资源的不可用将导致不仅仅是不便。导致关键任务服务不可用的事件将导致诸如重大财务损失，机构尴尬，和/或未能遵守法规或法律义务，或关闭大学或部门等后果。
网络基础设施 – all the University-owned or -managed hardware devices (“infrastructure devices”), media (e.g., fiber optic cables, copper cables), and software that permit the exchange of electronic information between two network nodes. 网络基础设施不包括传统的端点设备，如电话手持设备、工作站、打印机、传真机等，除非这些设备被配置为进一步将网络连接扩展到其他设备。基础设施包括但不限于：
- 所有墙内、天花板上或埋地语音、数据和视频电缆；
- 任何网络地址（如IP地址）；
- 所有重传或扩展网络连接的设备，如中继器、多路复用器、交换机、集线器、路由器、无线接入点等。
网络扩展或重传设备、系统和软件 – include, but are not limited to, the following: modems, hubs, routers, switches, wireless access points, ad hoc wireless interfaces, telecommunication voice devices, firewalls, virtual private network servers, virtual network connection software, and 互联网 Anonymizer servers.
网络扫描 – the process of transmitting data through a network to elicit responses in order to determine configuration state about an information system.
网络漏洞扫描 – the conduct of network scanning of an information system to determine the presence of security vulnerabilities in the information system.
保密协议 – a legal contract between at least two parties which outlines confidential materials or knowledge the parties wish to share with one another for certain purposes, but wish to restrict from generalized use.
老板 – A person responsible for a university function and for determining controls and access to electronic information resources supporting that university function.
密码/密码 – a secret word, phrase, or code used to serve as a security measure in authentication mechanisms to protect against unauthorized access to information resources and data.
网络钓鱼 – The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. 通常，电子邮件和网站看起来像是银行或其他合法电子商务网站的一部分，用户可以与它们进行常规业务。
便携式设备 包括便携式计算设备和便携式存储设备。
便携式计算设备 是一种计算设备，其设计便于一人长时间携带。便携式计算设备的例子包括笔记本电脑、平板电脑和智能手机。
便携式存储设备 是一种电子信息存储设备，其设计便于一人长时间携带。便携式存储设备的例子包括USB记忆棒和USB硬盘驱动器。
提供实体 – the university department that is permitting vendor access to their information resources.
限制个人信息 – Includes an individual's social security number, or data protected under state or federal law (e.g., financial, medical or student data).
资源整合 – the centralization of university information resources to reduce operational costs, increase server utilization, reduce real estate and facilities costs, improve availability, exploit new hardware platforms, and build an agile infrastructure able to respond more quickly to the rapidly changing requirements related to information technology.
资源托管人 – See 托管人
The 恢复时间目标（RTO） for a given information resource is a number that represents the maximum time the information resource can be unavailable, as determined by the business process owners who depend on that information resource. 例如，给定信息资源的RTO为一周意味着业务流程所有者已经确定该信息资源不可用的时间不能超过一周；否则，该机构的运营将受到重大损害。
The 恢复点目标（RPO） for a given information resource is a number that represents that maximum amount of recent data can be lost as determined by the business process owners who depend on that data. For example, an RPO of 24 hours for a given information resource means that the business process owners have determined that no more than the most recent 24 hours’ worth of data entered into that information resource may be lost; 否则，该机构的运营将受到重大损害。
清洁指使用符合美国国防部标准5220.22 m的程序覆盖存储设备上的数据。
安全基线 – the configuration of a network, the hosts on the network, and the applications on the host as detected by network, host, and application enumeration and vulnerability scanning tools. 应该在网络、主机和应用程序处于“已知良好”状态时收集安全基线的信息。安全基线用于检测配置和部署中的更改，以帮助实现策略和检测恶意活动。
安全事故 – any violation of Federal or State laws and regulations, Texas A&M System Policies, or Texas A&M University-Corpus Christi Rules or Procedures.
安全补丁 – a fix to a program that eliminates a vulnerability exploited by malicious hackers.
安全性测试 – a combination of systems configuration testing, network scanning, and network vulnerability scanning to determine the state of an information resource and the services it provides.
敏感信息 – any University information identifiable as confidential or controlled.
软件 – A computer program, which provides the instructions which enable the computer hardware to work. 系统软件，如Windows或MacOS，操作机器本身，而应用软件，如电子表格或文字处理程序，提供特定的功能。
垃圾邮件 – the abuse of electronic messaging systems to send unsolicited bulk messages.
系统管理员 – See 托管人
系统开发生命周期（SDLC） – a process used to develop and implement information resources, including requirements, validation, training, and user ownership through investigation, analysis, design, implementation, and maintenance. SDLC应该产生一个高质量的系统，满足或超过客户的期望，在时间和成本估计之内，在当前和计划的信息技术基础设施中有效和高效地工作，并且维护成本低，增强成本高。
德克萨斯州行政法典202 – information security standards for information resources purchased by agencies and institutions of higher education in the State of Texas.
大学科技委员会（UTC） – a group of management level university faculty and staff members responsible for providing direction and guidance to the university in matters concerning and pertaining to the universities information resources.
更新指软件应用程序或操作系统在功能上没有重大变化的修订版本。通常，更新是点发布（例如，Application X Version 5.2是对Application X Version 5.1的更新）。
升级指软件应用程序或操作系统在功能上有重大变化的修订版本。升级通常是完整版本的更改（例如，Application X version 5.0是对Application X version 4.0的升级）。
用户 – An individual or automated application authorized to access an information resource in accordance with the owner-defined controls and access rules.
供应商 – any company, and its employees, not affiliated with Texas A&M University-Corpus Christi, which provides a service to the university.
无线技术 – include, but are not limited to, any device capable of IEEE 802.11x, Bluetooth, Infrared, and/or cellular communications.
工作站 指可以附加到网络上的计算设备，该计算设备的资源一般不通过网络与其他网络用户共享。

定义

首席信息安全和隐私官