This term consists of these related concepts:

• Information/data and systems may only be used by authorized individuals to accomplish tasks related to their jobs. Use of the information and systems for personal gain, personal business, or for any activity which violates a law is prohibited.
• Information not classified as public must be protected, and must not be disclosed without authorization. Unauthorized access, manipulation, disclosure, or secondary release of such information constitutes a security breach, and may be grounds for disciplinary action.

Proving that devices or persons are who they say they are. The most common form of authentication is a user-id and password. The computer or electronic device must be capable of providing authentication.

Individual or entity permitted to make use of College computer or network resources. Authorized users include students, staff, faculty, alumni, sponsored affiliates, and other individuals who have an association with the College that grants them access to college IT resources.

Digital information that was created by or for the College or for which the College has a custodial responsibility.

Representatives of the College who are assigned responsibility to serve as stewards of College data. They are responsible for developing procedures for creating, maintaining, and using college data, in compliance with applicable policies, procedures, and laws.

The principal supervisor responsible for ensuring proper management of the data over its lifetime.

Facilities, technologies, and information resources used for information processing, transfer, storage, and communications. Examples include but not limited to computer labs, classroom technologies, computing and electronic communications devices and services, such as modems, e-mail, networks, telephones, voice mail, fax transmissions, video, multimedia, instructional materials.

Data that does not fall within the definition of "public" data as defined by the Family Educational Rights and Privacy Act (FERPA) or College policies.

Intentional or accidental occurrence affecting information or related technology in which there is a potential loss of data confidentiality or integrity, or disruption of service.

Events captured by the operating system or other software that are outside of established parameters. Examples include, but are not limited to, multiple log-on attempts within a short time period or attempted access of a protected file.

Processes, software, and hardware used by system and network administrators to ensure the confidentiality, integrity, and availability of the IT resources and data owned by the College and its authorized users. Security measures may include reviewing files for potential or actual policy violations and investigating security-related issues.