The University of Texas at Austin
As part of the Web Central Services Retirement project, the ITS website will be retired. Information about IT services will be replaced by two new sites, IT@UT and UT ServiceNow, and ITS departmental information will be migrated to a new location. All changes will be completed by 7/28/2016.

ITS Glossary



Access Control
A combination of authentication and authorization used to secure access to Web resources. See also: Authentication, Authorization
Access Controls
Access controls are the means by which the ability to use, create, modify, view, etc., is explicitly enabled or restricted in some way (usually through physical and system-based controls).
That combination of user name and password that provides an individual, group, or service with access to a computer system or computer network.
Active Directory
Active Directory provides a way to manage network resources, including printers, e-mail, and user accounts. Active Directory treats network resources as objects that are arranged in a hierarchical framework called a forest. See also: Forest, Objects
Active Directory Domain
Domains are groups of computers and other network resources connected to a central directory service (e.g., Austin Active Directory). Along with forests and trees, domains are a primary component of the typical Active Directory network structure. See also: Forest, Tree
A form of spyware that enters your computer from an Internet download. Like spyware, it monitors your computer use, such as what Web sites you visit. Adware gets its name from also launching numerous pop-up ads in your browser. What to do: Visit the BevoWare Web site to download anti-virus and anti-spyware software. Update regularly. See also: Pop-up Messages or Ads, Spyware
Anti-Virus Software
Anti-virus software will protect your computer from viruses encountered on the Web. New viruses are born every day, so it’s important to update your anti-virus software regularly. What to do: Information Technology Services (ITS) provides students, faculty and staff at the university with security software at no additional cost through the BevoWare Web site. BevoWare includes Symantec anti-virus, firewall and firewall products. Download, install and run security software from BevoWare on your own personal computer today.
Apollo Steward
Apollo stewards provide customer support for the Apollo system and perform routine maintenance activities.

Apollo applications are organizational and storage tools used to control access to systems such as Mainframe (3270) systems or UT Direct services. Apollo applications generally have similar names as the application they correspond to. Application names start with a two-letter *DPUSER prefix, such as BD for Budget or NR for Student Records.

Applications can have up to 10 attributes, each of which represents a logical component of the corresponding system.

See also: Attribute, Authorization
A collection of resources on one or more TAM-protected servers that share an access control profile within the central TAM system.
Application Owner
Application owners can add and remove any authorizations to and from people or groups for the application they own. Owners can also change application metadata. For example, an application owner can add new attributes or delete exsiting ones, or modify the metadata about those attributes. Applications can have up to five owners. See also: Application, Authorization
Assignable Attribute
Another name for an attribute. Assignable attributes are owned by the application owners; only the application owner or a delegate can grant an assignable attribute. Compare with an ownable attribute. See also: Application Owner, Attribute, Ownable Attribute
Asymmetric Encryption
Cryptography in which a pair of keys is used to encrypt and decrypt a message. The sender of the message encrypts the message with the recipient’s public key. The recipient then decrypts the message with his/her private key.
A document, a picture, a video clip, program or any other kind of file that can be attached and sent with an e-mail or instant message. Malicious programs, viruses or spyware are commonly spread through attachments. What to do: Never open or download an IM or e-mail attachment from an unknown source or one that you are not expecting. Be cautious of attachments ending in .exe, .com, .scr, .bat or .pif. By simply deleting a suspect attachment or message, you take another step in protecting your computer.
Attributes are groupings of similarly structured authorizations within an application. For example, an attribute might represent departments. There are two types of attributes: ownable and assignable. Each application can have a maximum of 10 attributes. See also: Application, Assignable Attribute, Authorization, Ownable Attribute
Attribute Owner
An individual who is authorized to grant and remove authorizations that have the Field 1 value they own, regardless of the Field 2 value. Only ownable attributes may have an attribute owner. See also: Authorization, Field 1, Field 2, Ownable Attribute
Information about an identity that has been authenticated by the central TAM system. TAM provides this information to the resources on the protected Web server through the HTTP request headers. TAM provides the following attributes:
  • displayName – User name in First M Last format.
  • utexasEduPersonEid – UT EID.
  • utexasEduPersonUin – UIN.
  • utexasEduPersonEidClass – EID class (MEM, AFF, or GUE).
  • utexasEduPersonAffCode* – EID affiliation in component-affiliation format, such as 0SFCU for current staff at The University of Texas at Austin. Refer to the uTexas Enterprise Directory Schema Person Attributes for a list of valid values.
  • utexasEduPersonEntitlementCode* – EID entitlement codes. Refer to the list of entitlements for valid values.
  • * These properties can be multi-valued. If more than one value exists, values are separated by commas. See also: Web Server Agent

    Audits determine what values are permissible for an application or group. For example, an audit for a particular group might require all group members to be faculty, while an attribute value audit might limit acceptable values to buildings on the UT Austin campus.

    Audits are written by application developers. The audit must be a Natural subprogram or Secured Module stored in the System Library. Application owners can apply an audit to their groups or applications.

    See also: Application, Application Owner

    The process of confirming a claimed identity. All forms of authentication are based on something you know, something you have, or something you are.

    • 'Something you know' is some form of information that you can recognize and keep to yourself, such as a personal identification number (PIN) or password.
    • 'Something you have' is a physical item you possess, such as a photo ID or a security token.
    • 'Something you are' is a human characteristic considered to be unique, such as a fingerprint, voice tone, or retinal pattern.

    Authorizations allow individuals to access specific features or functions of a system. Similarly structured authorizations are grouped together under a single attribute.

    Each authorization is comprised of up to two values: Field1 and Field2. The values for the fields are static strings pre-defined by the application owner, or they can be freeform (insert text here format). The freeform values may or may not have audits to ensure proper values.

    Authorizations must be approved by the authorization administrator.

    See also: Application, Attribute, Authorization Administrator, Field 1, Field 2
    The process used to verify a user's right to perform an action or access a resource. Authorization decisions should be made by the application being protected. By default, TAM does not handle authorization for an application. See also: Application
    The act of granting permission for someone or something to conduct an act. Even when identity and authentication have indicated who someone is, authorization may be needed to establish what actions are permitted.
    Authorization Administrator
    An authorization administrator is allowed to add or remove an authorization. Administrators can include application owners, attribute owners, super-users, and delegates. See also: Application Owner, Delegate, Super-user
    Availability represents the requirement that an asset or resource be accessible to authorized person, entity, or device.

    Back to top


    In a computer system, a backdoor refers to an overlooked or hidden entry into a computer system. A backdoor allows a hacker or other unauthorized user to bypass a password requirement and to gain access to a computer.
    Copy of files and applications made to avoid loss of data and facilitate recovery in the event of a system crash.
    BevoWare is a selection of free, useful software available to all current students, faculty and staff members at The University of Texas at Austin. BevoWare includes anti-virus, firewalls, Web browsers, media viewers, and lots more. It is all available to download from ITS online at the BevoWare Web site. BevoWare includes: Norton and Symantec Anti-Virus, Symantec Firewall, SpyBot Search & Destroy, Adobe Acrobat, Apple QuickTime, Macromedia Flash Player, and SpyWare Blaster. Download, install and run security software from BevoWare on your personal computer today.
    Business Continuity Plan (BCP)
    The documentation of a predetermined set of instructions or procedures that describe how an organization's business functions will be sustained during and after a significant disruption.
    Business Impact Analysis (BIA)
    An analysis of an IT system's requirements, processes, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.

    Back to top


    Category-I Data
    University data protected specifically by federal or state law or University of Texas rules and regulations (e.g., HIPAA, FERPA, EAR, ITAR, Sarbanes-Oxley, Gramm-Leach-Bliley; the Texas Identity Theft Enforcement and Protection Act; University of Texas System Business Procedure Memoranda; specific donor or employee data). University data that are not otherwise protected by a known civil statute or regulation, but which must be protected due to university contractual agreements requiring confidentiality, integrity, or availability considerations (e.g., Non Disclosure Agreements, Memoranda of Understanding, Service Level Agreements, Granting or Funding Agency Agreements, etc.) are also included (see extended list of Category I data classification examples).
    Category-II Data
    University data not otherwise identified as Category-I data, but which are releasable in accordance with the Texas Public Information Act (e.g., contents of specific e-mail, date of birth, salary, etc.) Such data must be appropriately protected to ensure a controlled and lawful release.
    Category-III Data
    University data that are not otherwise identified as Category-I or Category-II data (e.g., publicly available). Such data have no requirement for confidentiality, integrity, or availability.
    Certificate Authority (CA)
    A trusted third party whose purpose is to sign certificates for network entities it has authenticated using secure means. Other network entities can check the signature to verify that a CA has authenticated the bearer of a certificate.
    Certificate Management Plan (or Certificate Policy)
    The administrative policy for key and certificate management. This plan addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of encryption key and digital certificates. For an example, refer to the X.500 Certificate Policy for the Virginia Polytechnic Institute and State University.
    Certificate Practice Statement (CPS)
    A statement of the practices, which a certification authority employs in issuing certificates. See examples at the University of Washington and Virginia Polytechnic Institute and State University.
    Includes any implementation of new functionality, any interruption of service, any repair of existing functionality, and any removal of existing functionality.
    Change Management
    The process of controlling modifications to hardware, software, firmware, and documentation to ensure that information technology resources are protected against improper modification before, during, and after system implementation.
    Computer Incident Response Team (CIRT)
    Personnel responsible for coordinating the response to computer security incidents in an organization.
    Computer Object
    A computer object refers to a computer that is connected to–and exists as an object in–the Active Directory forest. See also: Forest, Objects
    The classification of data of which unauthorized disclosure/use could cause serious damage to an organization or individual.
    Confidential Information
    Information maintained by state agencies and universities that is exempt from disclosure under the provisions of the Public Records Act or other applicable state and federal laws. The controlling factor for confidential information is dissemination.
    Confidential Personal Information
    Information that alone or in conjunction with other information identifies an individual, including an individual’s name, social security number, date of birth, or government-issued identification number; mother ’s maiden name; unique biometric data, including the individual ’s fingerprint, voice print, and retina or iris image; unique electronic identification number, address, or routing code; and telecommunication access device. See also: Strong Passwords
    A small data file that a Web site installs on your computer's hard drive to collect information about your activities on the site or to allow other capabilities on the site. Web sites use cookies to identify returning visitors and profile their preferences on the site. For example, many online shopping sites use cookies to monitor what items a particular shopper is buying to suggest similar items. Cookies are somewhat controversial as they raise questions of privacy and can be used by hackers as spyware.
    Guardian or caretaker; the holder of data, the agent charged with implementing the controls specified by the owner. The custodian is responsible for the processing and storage of information. The custodians of information resources, including entities providing outsourced information resources services to the university, must:
    • Implement the controls specified by the owner(s).
    • Provide physical and procedural safeguards for the information resources.
    • Assist owners in evaluating the cost-effectiveness of controls and monitoring.
    • Implement the monitoring techniques and procedures for detecting, reporting, and investigating incidents.

    Back to top


    Research Data are recorded information, regardless of form in which the information may be recorded, that constitutes the original data that are necessary to support research activities and validate research findings.  Research data may include but are not limited to: printed records, observations and notes; electronic data; video and audio records, photographs and negatives, etc.

    Digital Research Data are defined as the subset of research data as defined below that are transmitted by or maintained in, electronic format and include any of the following: (a) Electronic storage data including storage devices in computers (hard drives, memory) and any removable/transportable digital storage medium, such as magnetic tape or disk, optical disk, or digital memory card; or (b) Transmission data used to exchange information already in electronic storage format. Transmission data include, for example, the Internet (wide-open), extranet (using Internet technology to link a business with information accessible only to collaborating parties), leased lines, dial-up lines, private networks, intranet, and the physical movement of removable/transportable electronic storage data.

    Sensitive Digital Research Data are data defined by the university as Category-I data. 

    Category-I data are university data protected specifically by federal or state law or University of Texas rules and regulations (e.g., HIPAA; FERPA; Sarbanes-Oxley, Gramm-Leach-Bliley; the Texas Identity Theft Enforcement and Protection Act; University of Texas System Business Procedure Memoranda; specific donor or employee data). University data that are not otherwise protected by a known civil statute or regulation, but which must be protected due to university contractual agreements requiring confidentiality, integrity, or availability considerations (e.g., Non Disclosure Agreements, Memoranda of Understanding, Service Level Agreements, Granting or Funding Agency Agreements, etc.) are also included (see extended list of Category I data classification examples).

    Category-II data are university data not otherwise identified as Category-I data, but which are releasable in accordance with the Texas Public Information Act (e.g., contents of specific e-mail, date of birth, salary, etc.) Such data must be appropriately protected to ensure a controlled and lawful release.

    Category-III data are university data that are not otherwise identified as Category-I or Category-II data (e.g., publicly available). Such data have no requirement for confidentiality, integrity, or availability.

    Data Encrypting Keys
    Keys used with symmetric key algorithms to apply confidentiality protection to information.
    Data Steward
    University representatives, such as faculty, staff, or researchers, who are tasked with managing administrative and/or research data owned by the university. Such data is to be managed by a data steward as a university resource and asset. The data steward has the responsibility of ensuring that the appropriate steps are taken to protect the data and that respective policies and guidelines are being properly implemented. Data Stewards may delegate the implementation of university policies and guidelines to professionally trained campus or departmental IT custodians.
    Data Stewardship
    Data stewardship is the formalization of accountability for the management of the university’s data.
    A collection of records stored in a computer in a systematic way, such that a computer program can consult it to answer questions. Each record is often organized as a set of data elements to facilitate retrieval and sorting. The data retrieved in answer to queries become are then used to make decisions.
    Delegates are appointed by an authorization administrator and are allowed to grant specific authorizations (delegates must also have these authorizations themselves). Delegates can only grant authorizations for assignable attributes. See also: Assignable Attribute, Authorization, Authorization Administrator
    Digital Certificate
    A data structure used in a public key system to bind a particular, authenticated individual to a particular public key.
    Digital Data
    The subset of Data (as defined above) that is transmitted by or maintained made available in, electronic media.
    Digital Signature
    A digital signature is a type of electronic signature, which cannot be forged. A digital signature provides verification to the recipient that the file came from the user or entity identified as the sender, and that it has not been altered since it was signed. (See Digital Signature Standard [DSS].)
    Directory Service Command Line utility (dscl)
    The Directory Service Command Line utility is an application provided by Apple with Mac OS X that is used for creating, reading, and managing directory service data, including data managed by Active Directory. For more information regarding how to use dscl, see Apple's dscl developer documentation.
    Disaster Recovery Plan (DRP)
    A written plan for processing critical IT applications in the event of a major hardware or software failure or destruction of facilities. Such plans are designed to restore operability of the target system, application, or computer facility at an alternate site after an emergency.
    See also: Active Directory Domain
    The transfer of data from one computer (or server) to another computer. Downloading can refer to documents, software programs, photo, music or movie files. Often downloads can mask unwanted malicious programs. What to do: When you go to download that "free" screen saver, you may also be downloading spyware or a virus. Make sure you only download material from a legal, well-known source. Also, since instant message and e-mail sender names can be spoofed, only download instant message or e-mail attachments that you are expecting. See also: Attachment

    Back to top


    eCommerce Merchant
    A department that processes online Web credit card payments or uses equipment that has an external facing IP address. See also: Non-eCommerce Merchant
    Elecronic Media
    Any of the following: a) Electronic storage media including storage devices in computers(hard drives, memory) and any removable/transportable digital storage medium, such as magnetic tape or disk, optical disk, or digital memory card; or b) Transmission media used to exchange information already in electronic storage media. Transmission media include, for example, the internet (wide-open), extranet (using internet technology to link a business with information accessible only to collaborating parties), leased lines, dial-up lines, private networks, intranet, and the physical movement of removable/transportable electronic storage media.
    Electronic Mail (e-mail)
    Any message, image, form, attachment, data, or other communication sent, received, or stored within an electronic mail system.
    Electronic Mail System
    Any computer software application that allows electronic mail to be communicated from one computing system to another.
    Emergency Change
    When an unauthorized immediate response to imminent critical system failure is needed to prevent widespread service disruption.
    The process of converting data into a cipher or code in order to prevent unauthorized access. Encryption obfuscates data in such a manner that a specific algorithm and key are required to interpret the cipher or code. The keys are binary values that may be interpretable as the codes for text strings, or they may be arbitrary numbers. The purpose of encryption is to prevent unauthorized access to data while it is either in storage or being transmitted. See also: File-level encryption, Recoverability, Whole-disk encryption
    University of Texas at Austin
    Data decryption keys held in trust by a third party to be turned over to the user only upon fulfillment of specific authentication conditions.
    Executive Compliance Committee
    A committee, chaired by the President of the university and composed of other executive level members of the faculty and staff, charged with oversight of the university’s institutional compliance program.

    Back to top


    Fat Cookie
    A modified Web browser cookie that is encoded and digitally signed. The Fat Cookie is a component of the legacy authentication system that TAM will replace, and after the initial TAM release, it will be gradually phased out. The Fat Cookie allows a Web application that is not deployed on ITS centrally administered servers to use UT EID logon authentication.
    Field 1

    An authorization must be composed of a value for Field 1. This field can be a single value or a list of values. The values for the field can be static strings pre-defined by the application owner, or they can be freeform (insert text here format). The freeform values may or may not have audits to ensure proper values.

    The Field 1 name is identical to the name of the attribute.

    See also: Attribute, Authorization
    Field 2

    Some authorizations may also include a value for Field 2. If a value for Field 2 exists, the authorization is represented by the Field1, Field2 pair. This field can be a single value or a list of values. The values for the fields are static strings pre-defined by the application owner, or they can be freeform (insert text here format). The freeform values may or may not have audits to ensure proper values.

    The Field2 name is determined by the application owner and should provide a description of the values contained within the field.

    See also: Attribute, Authorization, Field 1
    File-level encryption
    A technique where individual files or directories are encrypted by the computer's file system itself. Unlike whole-disk encryption, file-level encryption generally does not encrypt file metadata (e.g., the directory structure, file names, modification timestamps or sizes.) See also: Encryption, Whole-disk encryption
    A security tool that protects an individual computer or even an entire network from unauthorized attempts to access your system. Firewalls often protect e-mail servers from receiving spam. A firewall will also scan both incoming and outgoing communications for your personal information and prevent it from leaving your computer without permission. What to do: Students, faculty and staff can download, install and run the Symantec Firewall available on the BevoWare Web site at no additional cost.
    Fixed Media
    Fixed media devices are distinguished from those in which the data is stored on a cartridge, disk, or other material that is removable and interchangeable. Hard drives are typically fixed media, with platters sealed inside the drive chassis.
    The forest refers to the collection of all objects managed by an Active Directory network. Forests can contain objects, object attributes, and rules. Along with trees and domains, the forest is a primary component of the typical Active Directory network structure. See also: Domain, Objects, Tree

    Back to top



    A group is a collection of people who can be granted authorizations all together. However, not every person in the group necessarily has the same authorizations, since it is possible that certain group members may not fulfill the audits required for all authorizations for that group. It is also possible that an authorization administrator may not approve an individual for an authorization, even thought the individual is a member of the group which has been granted that authorization.

    Individuals can be members of more than one group.

    See also: Audit, Authorization, Authorization Administrator
    Groups are types of objects that can contain computers, users, or other groups. See also: Objects
    Group Member
    Group members are individuals who are included in a group. Group members are eligible to inherit any authorizations that have been granted to the group, as long as they fulfill any audits required for the authorization and as long as the authorization administrator approves them. See also: Audit, Authorization, Authorization Administrator
    Group Owner
    Group owners can add and remove individuals to or from a group. Owners may also change information about the group. See also: Group
    Group Policy Object (GPO)
    Group policy objects contain rules that are applied to organizational units. See also: Organizational Unit (OU)

    Back to top


    A hacker is someone who has the technical know-how to intentionally breach or "hack" into a computer system to steal confidential information or to cause damage to a computer or whole network. Hackers are often looking to find financial or personal information in order to steal money or identities. They are not nice people.
    Handling data relates to when users access, manipulate, change, transfer, or delete data.
    Hardware Security Module (HSM)
    A hardware-based security device that generates, stores and protects cryptographic keys. It provides the foundation for a high-level secure campus certification authority.
    HTTP (Hypertext Transfer Protocol)
    This is the standard language that computers use to communicate with each other on the Internet. Web addresses tend to start with http://www. See also: HTTPS
    If a Web address begins with https, it indicates that the Web site is equipped with an additional security layer. Typically, users must provide a password or other means of authentication to access the site. This is often used when making payments online or accessing classified information. What to do: When asked to provide personal information online, such as a credit card purchase, always look for https in the URL before you do so. If it's not there, the site is not secure--and neither is your information.

    Back to top


    Information Security Officer (ISO)
    Responsible to the Information Resource Manager (IRM) for administering the information security functions within the university. The ISO is the university’s internal and external point of contact and internal resource for all information security matters. The ISO leads the Computer Incident Response Team when security incidents occur and reports to the IRM. If an ISO is not designated, the IRM serves in this capacity.
    Information System
    An interconnected set of information resources under the same direct management control that shares common functionality. An Information System normally includes hardware, software, information, data, applications, communications and people.
    Information Technology Resources
    Any and all computer printouts, online display devices, mass storage media, and all computer-related activities involving any device capable of receiving e-mail, browsing web sites, or otherwise capable of receiving, storing, managing, or transmitting data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, PDAs, pagers, distributed processing systems, network attached and computer controlled medical and laboratory equipment (that is, embedded technology), telecommunication resources, network environments, telephones, fax machines, printers, and service bureaus. Additionally, it is the procedures, equipment, facilities, software, and data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information.
    Information Technology Resources Facilities
    Any location that houses information technology resource equipment (includes servers, hubs, switches, and routers). Facilities are usually dedicated rooms or mechanical/wiring closets in the buildings.
    Information Technology Resources Manager (IRM)
    Responsible to the State of Texas for management of the university’s information technology resources. The designation of a university IRM is intended to establish clear accountability for setting policy for information technology resources management activities, provide for greater coordination of the university’s information activities, and ensure greater visibility of such activities within and between state agencies. The IRM has been given the authority and the accountability by the State of Texas to implement Security Policies, Procedures, Practice Standards, and Guidelines to protect the information technology resources of the university. If the university does not designate an Information Resource Manager, the title defaults to the university's Vice President of Information Technology, and the Vice President of Information Technology is responsible for adhering to the duties and requirements of an IRM.

    Any authorizations that are applied to a group are automatically applied to any member of that group. Therefore, any individual who is added to an existing group automatically inherits any authorizations for that group, assuming the individual fulfills all the audits for the authorizations.

    It is possible that an individual may not be approved for an authorization (by the authorization administrators) for a group for which they are a member.

    See also: Authorization, Authorization Administrator, Group, Group Member
    Instant Messaging (IM)
    Instant messaging rivals e-mail as the most popular form of online communication. IM allows users to relay messages to each other in real time for a "conversation" between two or more people. IM is also becoming the quickest new threat to network security. Because many IM systems have been slow to add security features, hackers have found IM a useful means of spreading viruses, spyware, phishing scams, and a wide variety of worms. Typically, these threats have infiltrated systems through attachments or contaminated messages.

    What to do:

    • Use a strong IM password.
    • Don’t automatically accept incoming messages or file transfers—even if you think you know the sender. IM addresses can be easily forged and file transfers are commonly used to launch viruses.
    • Don’t discuss personal or private information. Often, IM programs are easily compromised allowing hackers to read your messages as if they were postcards.
    • Watch for and download security upgrades from IM companies and BevoWare. Check them often for important patches and updates.
    The accuracy and completeness of information and assets and the authenticity of transactions.
    A global system interconnecting computers and computer networks. The computers and networks are owned separately by a host of organizations, government agencies, companies, and colleges.
    Intrusion Detection Systems (IDS)
    A device that monitors and analyzes network traffic. An IDS can be used legitimately or illegitimately to capture data being transmitted on a network. Specific signatures or promiscuous sniffing are available options for IDS monitoring.

    Back to top


    Key Encrypting Keys
    Keys used to encrypt other keys using symmetric key algorithms. Key encryption keys are also known as key wrapping keys.
    Key Management
    The activities involving the handling of encryption keys and other related security parameters (e.g., passwords) during the entire life cycle of the encryption keys, including their generation, storage, establishment, entry and output, and destruction.
    Key Management Infrastructure
    The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of all cryptographic material, including symmetric keys, as well as public keys and public key certificates. It includes all elements (hardware, software, other equipment, and documentation); facilities; personnel; procedures; standards; and information products that form the system that distributes, manages, and supports the delivery of cryptographic products and services to end users.
    Key Manager
    Controls the generation, storage and distribution of cryptographic keys.

    Back to top


    Lawful Intercept
    The interception of data on the university network by ISO and ITS-Telecommunications and Networking (ITS-TN), in accordance with local law and after following due process and receiving proper authorization from the appropriate authorities.
    Lead Researcher
    The person engaged in the conduct of Research with primary responsibility for stewardship of Research Data on behalf of an Entity.
    Local Area Network (LAN)
    A data communications network spanning a limited geographical area, a few miles at most. It provides communication between computers and peripherals at relatively high data rates and relatively low error rates.

    Back to top


    This term refers to any "malicious software" created to damage or illegally access a computer or network. Computer viruses, worms, spyware, and adware are all examples of malware.
    Master Keys
    Keys used to derive other symmetric keys (e.g., data encryption keys, key encrypting keys) using symmetric cryptographic methods.
    University unit that accepts credit card payment for goods, services, or gifts. See also: eCommerce Merchant, Non-eCommerce Merchant
    Merchant Account
    The credit card account number assigned by the credit card processor, Global Payments, to permit credit card payment processing.
    Mission Critical Information Resources
    Information Resources defined by an institution of higher education or state agency to be essential to the Entity’s function and which if made unavailable will inflict substantial harm to the Entity and the Entity’s ability to meet its instructional, research, patient care, or public service missions.  Mission Critical Information Resources include Confidential Data and Sensitive Data.

    Back to top


    All associated equipment and media creating electronic transmission between any information resource(s), such as wired, optical, wireless, IP, synchronous serial, telephony, etc.
    Network Flow
    The sequence of packets between given source and destination endpoints.
    Network Operations Center (NOC)
    Monitors the health of critical services and provides the central coordination of data services for campus.
    Networking Custodian
    Network manager or analyst; the holder of network configuration data, the agent charged with implementing the network controls and services specified by the owner or the university. This custodian is responsible for the transfer of information. These custodians, including entities providing outsourced information resources services to the university, must:

    • Implement the network controls specified by the owner or the university.
    • Provide physical and procedural safeguards for the network infrastructure.
    • Assist owners in evaluating the cost-effectiveness of controls and monitoring.
    • Implement the monitoring techniques and procedures for detecting, reporting, and investigating or troubleshooting network incidents.
    Non-eCommerce Merchant
    A department that processes credit card payments with equipment that does not utilize an external facing IP address, such as point-of-sale terminals, cash registers and other types of equipment.

    Back to top


    Network resources managed by an Active Directory server are referred to as objects. Objects can be computers, printers, or other peripherals connected to Active Directory. Each object is identified by a unique name. See also: Forest
    Offsite Storage
    Based on data criticality, offsite storage should be in a geographically different location from the campus and a location that does not share the same disaster threat event. Based on an assessment of the data backed up, removing the backup media from the building and storing it in another secured location on the campus may be required.
    Organizational Unit (OU)
    Organizational units are logical groups of objects in the Active Directory forest. In the case of Austin Active Directory, organizational units are used to group all of the objects in a particular department. See also: Forest, Objects
    Ownable Attribute
    An ownable attribute is just like a regular attribute, except that the Field 1 values are assigned to specific owners who are distinct from the application owner. Therefore, only the attribute owner (and NOT the application owner) can grant access to that attribute value (to that Field 1 value and associated Field 2 values). These are generally used for programmatic interfaces. See also: Application Owner, Attribute, Attribute Owner, Field 1, Field 2
    The authoritative head of the respective college, school, or unit. The owner is responsible for the function that is supported by the resource or for carrying out the program that uses the resources. The owner of a collection of information is the person responsible for the business results of that system or the business use of the information. Where appropriate, ownership may be shared by managers of different departments. The owner or his designated representatives are responsible for and authorized to:

    • Approve access and formally assign custody of an information resources asset.
    • Determine the asset's value.
    • Specify and establish data control requirements that provide security, and convey them to users and custodians.
    • Specify appropriate controls, based on risk assessment, to protect the state's information resources from unauthorized modification, deletion, or disclosure. Controls shall extend to information resources outsourced by the university.
    • Confirm that controls are in place to ensure the accuracy, authenticity, and integrity of data.
    • Confirm compliance with applicable controls.
    • Assign custody of information resources assets and provide appropriate authority to implement security controls and procedures.
    • Review access lists based on documented security risk management decisions.

    Back to top


    An electronic unit of data that is routed between an origin and a destination on a network.
    Packet Data
    The part of the packet containing user data and other data or information used by applications.
    Packet Header
    The part of the packet that contains protocol, source address, destination address, and other controlling information (including tunneling information).
    A string of characters used to verify or "authenticate" a person's identity. See also: Strong Passwords
    Person Audit
    Person audits apply to individuals. There are two predefined person audits: one checks to see whether or not the individual has a "high assurance" UT EID, and the other checks to see if the individual is an employee. Person audits can also be defined programmatically if necessary. See also: Audit
    Personal Identifying Information
    In 2009, state law changed nomenclature. Personal Identifying Information is now referred to as "Confidential Personal Information." See also: Strong Passwords, Confidential Personal Information
    Personal Information
    Any information that can personally identify you, such as your name, address, phone numbers, your schedule, Social Security number, bank account number, credit card account numbers, family members’ names or friends’ names. What to do: Treat your personal information with the utmost confidentiality on the Web. Finding this information is often the goal of hackers looking to steal your identity or your money. Also, don’t send personal information over e-mail or IM. These are insecure methods of communication and can be read or intercepted by outside sources. Remember, once you send an e-mail, you no longer control the information in it. It can be forwarded to other people without your knowledge or consent. Keep your personal information private.
    Like the sport it’s named after, phishing refers to an urgent instant message or e-mail message meant to lure recipients into responding. Often these messages will appear to be from a friend, a bank or other legitimate source asking for personal information such as names, passwords, Social Security numbers or credit card information. These messages might also direct users to phony Web sites to trick users into providing personal information. Users falling for the "bait," often have their money or identities stolen. What to do: Be suspicious of any message asking for personal or financial information. If you are unsure about a message’s authenticity, never click a link within the e-mail taking you to any Web site. Banks or other legitimate organizations are not likely to contact you in this manner due to the security risks of sharing sensitive material online. If you think the message may be legitimate, call or contact the sender using contact information you already have, not the contact information provided in the suspicious message. These types of IM or e-mail messages should be treated like spam: delete them. See also: Social Networking Sites, Spam
    Physical Security Controls
    Devices and means to control physical access to sensitive information and to protect the availability of the information. Examples are physical access systems (fences, mantraps, guards); physical intrusion detection systems (motion detector, alarm system); and physical protection systems (sprinklers, backup generator).
    Pop-up Messages or Ads
    Unsolicited advertising that "pops up" in its own browser window. Adware programs can overrun a computer with pop- up ads or messages. If you are receiving a huge amount of pop- ups in your online sessions, your computer may be infected with adware, spyware or a virus.
    Portable Computing Devices
    Any easily portable device that is capable of receiving and/or transmitting data. These include, but are not limited to, notebook computers, handheld computers, PDAs (personal digital assistants), pagers, and cell phones.
    Private Key
    The secret key of a signature key pair used to create a digital signature and/or to decrypt confidential information.
    Production System
    The system environment comprised of hardware, software, and data in which an organization’s data processing is accomplished.
    Promiscuous Mode
    Mode of operation in which every data packet transmitted is received and read by every network adapter. Promiscuous mode is often used to monitor network activity.
    Public Key
    The publicly available key of a signature key pair used to validate a digital signature and/or to encrypt confidential information.

    Back to top


    A capability provided to a user or a department in the event access to encrypted data is required but the normal decryption capability is not available (e.g., a pass phrase is forgotten, a user is no longer affiliated with the university, etc.) Services escrowing the encryption keys are capable of providing such a recovery function. Recoverability may be less essential to some user's encrypting data if an original copy is stored on a central file server with reliable backup procedures in place. See also: Encryption
    Removable Media
    Removable media devices permit data to be stored on media that is removable and interchangeable. CDs, DVDs, flash memory, and floppy disks are examples of removable media.
    Systematic investigation designed to develop and contribute to knowledge and may include all stages of development, testing and evaluation.
    A Web-based system component represented by a URL or URL pattern. Resources are grouped together in application profiles in the central TAM system. See also: Application
    Refer to Audit. See also: Audit

    Back to top


    Scheduled Change
    Formal notification received, reviewed, and approved by the review process in advance of the change being made.
    Security Administrator
    The person charged with monitoring and implementing security controls and procedures for a system. Whereas each university will have one Information Security Officer, technical management may designate a number of security administrators.
    Security Incident
    In information operations, an assessed event of attempted entry, unauthorized entry, or an information attack on an automated information system. It includes unauthorized probing and browsing; disruption or denial of service; altered or destroyed input, processing, storage, or output of information; or changes to information system hardware, firmware, or software characteristics with or without the users' knowledge, instruction, or intent.
    Sensitive Information
    Information maintained by the university that requires special precautions to protect it from unauthorized modification or deletion. Sensitive information may be either public or confidential. It is information that requires a higher than normal assurance of accuracy and completeness. The controlling factor for sensitive information is that of integrity.
    A host or virtual host that is being protected by TAM. Each server must have a server profile established within the central TAM system in order for a Web Server Agent installed on that server to operate properly. See also: Web Server Agent
    Any computer providing a service over the network. Services include, but are not limited to: Web site publishing, SSH, chat, printing, wireless access, and file sharing.
    The interception of data packets traversing a network.
    Social Engineering
    This refers to a direct communication, either in person, by phone, by fax or over the Internet, designed to trick you into providing your personal information. These messages usually ask you to "update" or "confirm" information by typing in a reply or clicking on a link. Legitimate institutions, such as banks, do not send e-mail or IM of this nature due to security concerns on the Internet. "Phishing" is a prime example of social engineering. See also: Phishing
    Social Networking Sites
    These are Web sites, such as Facebook or MySpace, where users build online profiles and share personal information, opinions, photographs, blog entries, and other media to network with other users, to find new friends or find a new job. Unfortunately, social networking sites have become targets of online predators, spammers, and other dangerous forces on the Web. What to do: Keep in mind that the Internet is a public resource. Only post information you are comfortable with anyone seeing and we do mean anyone—your parents, your grandparents, your siblings, your teachers, your employer, even potential employers. It’s not uncommon for companies to run an Internet search of job applicants before they offer them a position. There are several stories of people being "weeded out" from a job search due to compromising or ill-advised photos and information found on the Web, usually posted by that very person! Even if you remove information, that same information may still be living on other people’s computers or networks. Also, don’t post information that would make you vulnerable to a physical attack, such as your address, your schedule or where you will be meeting friends this weekend. Most of all, be careful of people you meet on the Web. The Internet provides people with a certain amount of anonymity. The Internet makes it easy for predators to pose as something they’re not.
    Unsolicited, commercial e-mail messages that are sent out in bulk, often to millions of users in hopes that one person may actually reply. Spam messages often involve Internet hoaxes and should be deleted immediately. Responding to a spam message will confirm to the sender that they have reached a legitimate e-mail address and they will more than likely continue to send messages to that address. What to do: Never respond to spam! Delete it. See also: Firewall, Phishing, Social Engineering, Spim
    A new term for spam messages being sent to instant message addresses. What to do: Simply ignore them. Also, never respond to a message that looks like spim. A response will confirm to the sender that your account is legitimate and it’s likely the messages will continue.
    Forging an e-mail or instant message address to make it appear as if it came from someone or somewhere other than the true source. Whole Web sites can also be spoofed, tricking users into providing their passwords or other personal information, such as their credit card information.
    Spyware refers to a software program that slips into your computer without your consent to track your online activity. These programs tend to piggyback on another software program. When the user downloads and installs the software, the spyware is also installed without the user's knowledge. There are different forms of spyware that track different types of activity. Some programs monitor what Web sites you visit, while others record key stokes to steal personal information, such as credit card numbers, bank account information or passwords. What to do: Consider the reliability of the site offering the software download. Be careful if a download prompts you to accept the installation of additional software. Scan the fine print before downloading. If you see anything that refers to monitoring browsing sessions or collecting information, consider this your "red flag" that you may be installing spyware. Also, keep your systems up to date with BevoWare. BevoWare includes two anti-spyware products for students, faculty and staff to download, install and run on their computers at no cost: SpyBot Search & Destroy and Spyware Blaster. Visit the BevoWare Web site to download these programs and protect yourself from spyware. Don’t forget to update regularly. See also: Adware
    Strong Passwords
    A strong password is constructed so that it cannot be easily guessed by another user or a "hacker" program. It is typically a minimum number of positions in length and contains a combination of alphabetic, numeric, or special characters. See also: Password
    An individual who is the subject or entity designee named or identified in a certificate issued to that individual and possesses a private key, which corresponds to the public key listed in the certificate.
    An Apollo super-user is someone who can take any action on any group or application in the Apollo system. These actions include adding and removing authorizations, group memberships, group owners, and application owners. See also: Application, Application Owner, Authorization, Group, Group Owner
    Symmetric Encryption
    Cryptography in which the same key is used to both encrypt and decrypt the message. Requires a separate secure channel to exchange keys.
    Any device capable of receiving e-mail, browsing web sites, or otherwise capable of receiving, storing, managing, or transmitting data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, PDAs, pagers, distributed processing systems, network attached and computer controlled medical and laboratory equipment (that is, embedded technology), telecommunication resources, network environments, telephones, fax machines, printers and service bureaus.
    System Administrator
    Person responsible for the effective operation and maintenance of Information Technology Resources, including implementation of standard procedures and controls, to enforce the university’s security policy.
    System Development Life Cycle(SDLC)
    The scope of activities associated with a system, encompassing the system's initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal.
    System Security Plan
    Provides a baseline of a system's security. A comprehensive system security plan describes the security controls that are in use, or plan to be used to protect all aspects of the system. Security plans are supported by security policy and can be essential tools that identify weaknesses in the system and document what controls will be added to combat the weaknesses.

    Back to top


    An acronym for uTexas Access Manager. TAM provides single sign-on authentication services for Web-based systems that the university operates. See also: Authentication
    Trees are trust-based groupings of related domains. Along with forests and domains, trees are a primary component of the typical Active Directory network structure. See also: Domain, Forest
    Trojan Horse
    Destructive programs--usually viruses or worms--that are hidden in an attractive or innocent-looking piece of software, such as a game or graphics program. Victims may receive a Trojan horse program by e-mail or on a diskette or CD, often from another unknowing victim, or may be urged to download a file from a web site or bulletin board. See also: Pop-up Messages or Ads, Spyware
    Trojan horse
    If you read "The Iliad" in high school, you will remember that the Trojan horse concealed an army and fooled the citizens of Troy into taking it inside its city walls. Once inside the city gates, the army was let loose and brought Troy down. Similarly, in computer security terms, a Trojan horse refers to a malicious program that enters a computer or system disguised or embedded within legitimate software. Once installed on a computer, a Trojan horse will delete files, access your personal information, reconfigure your computer or even allow hackers to use your computer as a weapon against other computers on a network. What to do: Like most other viruses or malicious programs, Trojan horses are most commonly spread through e-mail or IM messages. Never open a message attachment unless you are expecting, even from someone you know. IM or e-mail addresses are easily forged and what you think is a message from your roommate could be from someone you’ve never met and would never want to meet. Also, check the file extension of all attachments you receive. If the attachment ends in .exe, .com, .scr, .bat, or .pif, be careful. These suggest a program that may start running on your machine if you click on it. Also, make a habit of regularly checking the BevoWare Web site for updates and patches to your anti-virus software. See also: Pop-up Messages or Ads, Spyware
    Trusts describe the ability of users to access resources in domains they do not belong to. Transitive trust, or trust that exists between all domains in a logical grouping (i.e., a tree), is created automatically between domains within a single forest. For more information on trusts, see Microsoft's documentation on managing trusts.

    Back to top


    University of Texas Investment Management Company
    Unauthorized Disclosure
    The intentional or unintentional revealing of restricted information to people who do not have a legitimate need to access that information.
    University of Texas at Austin networks (UTnet)
    The physical and electronic network infrastructure, currently under the operational administration of Information Technology Services-Telecommunications and Networking (ITS-TN), allowing for inter-network communications between Local Area Networks (LANs) and virtual LANs (VLANs), including access to Internet and advanced research networks.
    Unscheduled Change
    Failure to present notification through the review process in advance of the change being made. Unscheduled changes will only be acceptable in the event of a system failure or the discovery of a security vulnerability.
    An individual, automated application or process that is authorized by the owner to access the resource, in accordance with the owner's procedures and rules. Has the responsibility to (1) use the resource only for the purpose specified by the owner, (2) comply with controls established by the owner, and (3) prevent disclosure of confidential or sensitive information. The user is any person who has been authorized by the owner of the information to read, enter, or update that information. The user is the single most effective control for providing adequate security.
    UT System Administration
    Administrative staff of U. T. System

    Back to top


    Value Audit
    Checks to see if the value for Field 1 or Field 2 is an acceptable value. These audits are defined programmatically. See also: Audit, Field 1, Field 2, Person Audit
    Any person or company that sells goods or services involving information technology resources to The University of Texas at Austin.
    A program that attaches itself to an executable file or vulnerable application and delivers a payload that ranges from annoying to extremely destructive. A file virus executes when an infected file is accessed. A macro virus infects the executable code embedded in Microsoft Office programs that allows users to generate macros.

    Back to top


    Web page
    A document on the World Wide Web. Every Web page is identified by a unique URL.
    Web server
    A computer that delivers (serves up) Web pages.
    Web Server Agent
    A software component that is installed on the Web server that TAM is protecting. The TAM Web Server Agent ensures that only UT EID-authenticated users are allowed to access resources on the protected Web server. The TAM Web Server Agent also controls the release of attributes through the HTTP headers for consumption by the resources on the Web server. See also: Authentication, Attributes
    Web site
    A location on the World Wide Web, accessed by entering its address (URL) into a Web browser. A Web site always includes a home page and may contain additional documents or pages
    Whole-disk encryption
    A technique where software or hardware encrypts every bit of data that is stored on a disk (e.g., everything on the hard drive including the operating system.) See also: Encryption, File-level encryption
    World Wide Web
    Also referred to as “the Web.” A system of Internet hosts that supports documents formatted in HTML, which contain links to other documents (hyperlinks) and to audio, video, and graphic images. Users can access the Web with special applications called browsers, such as Netscape Navigator and Microsoft Internet Explorer.
    A program that makes copies of itself elsewhere in a computing system. These copies may be created on the same computer or may be sent over networks to other computers. The first use of the term described a program that copied itself benignly around a network, using otherwise-unused resources on networked machines to perform distributed computation. Some worms are security threats, using networks to spread themselves against the wishes of the system owners and disrupting networks by overloading them. A worm is similar to a virus in that it makes copies of itself, but different in that it does not attach to particular files or sectors. See also: Pop-up Messages or Ads, Spyware
    Just as a worm burrows through an apple making it inedible, a computer worm is a program built to reproduce itself and spread across a network, rendering it ineffective. A worm may be designed to complete several different malicious activities. However, one common denominator is that a worm can harm a network by consuming large amounts of bandwidth, potentially shutting the network down. Viruses, on the other hand, are more limited to targeting computers one-at-a-time. A virus also requires other programs to execute and replicate, whereas a worm can act independently of other programs. What to do: To keep a computer worm from entering your computer and network, be wary of unexpected or unknown e-mails, IMs or attachments. Also, use anti-virus software on your personal computer and update it regularly. See also: Pop-up Messages or Ads, Spyware

    Back to top


    A computer overtaken by a hacker and used to perform malicious tasks. Commonly, zombie computers are used to send large amounts of spam or host fraudulent Web sites. What to do: If you believe your computer has been taken over by an outside source, first: disconnect it from the Web. Then, contact the ITS Help Desk. See also: Spyware, Pop-up Messages or Ads

    We Can Help

    Get help from an expert:

    * UT Service Desk

    * Call us at 512-475-9400

    * Submit a help request online

    We also have a walk-in service in the first floor lobby of the Flawn Academic Center (FAC). Stop by and let us help you!