Data Encryption Glossary
The terms listed in this glossary are all defined as part of the Data Encryption Guidelines.
- Asymmetric Encryption
- Cryptography in which a pair of keys is used to encrypt and decrypt a message. The sender of the message encrypts the message with the recipient's public key. The recipient then decrypts the message with his/her private key.
- Category-I Data
- University data protected specifically by federal or state law or University of Texas rules and regulations (e.g., HIPAA; FERPA; Sarbanes-Oxley, Gramm-Leach-Bliley; the Texas Identity Theft Enforcement and Protection Act; University of Texas System Business Procedure Memoranda; specific donor or employee data). University data that are not otherwise protected by a known civil statute or regulation, but which must be protected due to university contractual agreements requiring confidentiality, integrity, or availability considerations (e.g., Non Disclosure Agreements, Memoranda of Understanding, Service Level Agreements, Granting or Funding Agency Agreements, etc.) are also included (see extended list of Category I data classification examples).
- Category-II Data
- University data not otherwise identified as Category-I data, but which are releasable in accordance with the Texas Public Information Act (e.g., contents of specific email, date of birth, salary, etc.) Such data must be appropriately protected to ensure a controlled and lawful release.
- Category-III Data
- University data that are not otherwise identified as Category-I or Category-II data (e.g., publicly available). Such data have no requirement for confidentiality, integrity, or availability.
- Certificate Authority (CA)
- A trusted third party whose purpose is to sign certificates for network entities it has authenticated using secure means. Other network entities can check the signature to verify that a CA has authenticated the bearer of a certificate.
- Certificate Management Plan (or Certificate Policy)
- The administrative policy for key and certificate management. This plan addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of encryption keys and digital certificates. For an example, refer to the X.500 Certificate Policy for the Virginia Polytechnic Institute and State University.
- Certificate Practice Statement (CPS)
- A statement of the practices that a certification authority employs in issuing certificates. See examples at the University of Washington and Virginia Polytechnic Institute and State University.
- The classification of data of which unauthorized disclosure/use could cause serious damage to an organization or individual.
- Confidential Information
- Information maintained by state agencies and universities that is exempt from disclosure under the provisions of the Public Records Act or other applicable state and federal laws. The controlling factor for confidential information is dissemination.
- Custodian
- Guardian or caretaker; the holder of data, the agent charged with implementing the controls specified by the owner. The custodian is responsible for the processing and storage of information. The custodians of information resources, including entities providing outsourced information resources services to the university, must:
  - Implement the controls specified by the owner(s).
  - Provide physical and procedural safeguards for the information resources.
  - Assist owners in evaluating the cost-effectiveness of controls and monitoring.
  - Implement the monitoring techniques and procedures for detecting, reporting, and investigating incidents.
- Research Data are recorded information, regardless of form in which the information may be recorded, that constitutes the original data that are necessary to support research activities and validate research findings. Research data may include but are not limited to: printed records, observations and notes; electronic data; video and audio records, photographs and negatives, etc.
Digital Research Data are defined as the subset of research data as defined below that are transmitted by or maintained in, electronic format and include any of the following: (a) Electronic storage data including storage devices in computers (hard drives, memory) and any removable/transportable digital storage medium, such as magnetic tape or disk, optical disk, or digital memory card; or (b) Transmission data used to exchange information already in electronic storage format. Transmission data include, for example, the Internet (wide-open), extranet (using Internet technology to link a business with information accessible only to collaborating parties), leased lines, dial-up lines, private networks, intranet, and the physical movement of removable/transportable electronic storage data.
Sensitive Digital Research Data are data defined by the university as Category-I data.
Category-I data are university data protected specifically by federal or state law or University of Texas rules and regulations (e.g., HIPAA; FERPA; Sarbanes-Oxley, Gramm-Leach-Bliley; the Texas Identity Theft Enforcement and Protection Act; University of Texas System Business Procedure Memoranda; specific donor or employee data). University data that are not otherwise protected by a known civil statute or regulation, but which must be protected due to university contractual agreements requiring confidentiality, integrity, or availability considerations (e.g., Non Disclosure Agreements, Memoranda of Understanding, Service Level Agreements, Granting or Funding Agency Agreements, etc.) are also included (see extended list of Category I data classification examples).
Category-II data are university data not otherwise identified as Category-I data, but which are releasable in accordance with the Texas Public Information Act (e.g., contents of specific email, date of birth, salary, etc.) Such data must be appropriately protected to ensure a controlled and lawful release.
Category-III data are university data that are not otherwise identified as Category-I or Category-II data (e.g., publicly available). Such data have no requirement for confidentiality, integrity, or availability.
- Data Encrypting Keys
- Keys used with symmetric key algorithms to apply confidentiality protection to information.
- Data Stewardship
- Data stewardship is the formalization of accountability for the management of the university's data.
- Digital Certificate
- A data structure used in a public key system to bind a particular, authenticated individual to a particular public key.
- Digital Signature
- A digital signature is a type of electronic signature, which cannot be forged. A digital signature provides verification to the recipient that the file came from the user or entity identified as the sender, and that it has not been altered since it was signed. (See Digital Signature Standard [DSS].)
- Encryption
- The process of converting data into a cipher or code in order to prevent unauthorized access. Encryption obfuscates data in such a manner that a specific algorithm and key are required to interpret the cipher or code. The keys are binary values that may be interpretable as the codes for text strings, or they may be arbitrary numbers. The purpose of encryption is to prevent unauthorized access to data while it is either in storage or being transmitted. See also: File-level encryption, Recoverability, Whole-disk encryption
- Data decryption keys held in trust by a third party to be turned over to the user only upon fulfillment of specific authentication conditions.
- File-level encryption
- A technique where individual files or directories are encrypted by the computer's file system itself. Unlike whole-disk encryption, file-level encryption generally does not encrypt file metadata (e.g., the directory structure, file names, modification timestamps or sizes.) See also: Encryption, Whole-disk encryption
- Hardware Security Module (HSM)
- A hardware-based security device that generates, stores and protects cryptographic keys. It provides the foundation for a high-level secure campus certification authority.
- Information Security Officer (ISO)
- Responsible to the Information Resource Manager (IRM) for administering the information security functions within the university. The ISO is the university's internal and external point of contact and internal resource for all information security matters. The ISO leads the Computer Incident Response Team when security incidents occur and reports to the IRM. If an ISO is not designated, the IRM serves in this capacity.
- The accuracy and completeness of information and assets and the authenticity of transactions.
- Key Encrypting Keys
- Keys used to encrypt other keys using symmetric key algorithms. Key encryption keys are also known as key wrapping keys.
- Key Management
- The activities involving the handling of encryption keys and other related security parameters (e.g., passwords) during the entire life cycle of the encryption keys, including their generation, storage, establishment, entry and output, and destruction.
- Key Management Infrastructure
- The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of all cryptographic material, including symmetric keys, as well as public keys and public key certificates. It includes all elements (hardware, software, other equipment, and documentation); facilities; personnel; procedures; standards; and information products that form the system that distributes, manages, and supports the delivery of cryptographic products and services to end users.
- Key Manager
- Controls the generation, storage and distribution of cryptographic keys.
- Master Keys
- Keys used to derive other symmetric keys (e.g., data encryption keys, key encrypting keys) using symmetric cryptographic methods.
- All associated equipment and media creating electronic transmission between any information resource(s), such as wired, optical, wireless, IP, synchronous serial, telephony, etc.
- Owner
- The authoritative head of the respective college, school, or unit. The owner is responsible for the function that is supported by the resource or for carrying out the program that uses the resources. The owner of a collection of information is the person responsible for the business results of that system or the business use of the information. Where appropriate, ownership may be shared by managers of different departments. The owner or his designated representatives are responsible for and authorized to:
  - Approve access and formally assign custody of an information resources asset.
  - Determine the asset's value.
  - Specify and establish data control requirements that provide security, and convey them to users and custodians.
  - Specify appropriate controls, based on risk assessment, to protect the state's information resources from unauthorized modification, deletion, or disclosure. Controls shall extend to information resources outsourced by the university.
  - Confirm that controls are in place to ensure the accuracy, authenticity, and integrity of data.
  - Confirm compliance with applicable controls.
  - Assign custody of information resources assets and provide appropriate authority to implement security controls and procedures.
  - Review access lists based on documented security risk management decisions.
- Portable Computing Devices
- Any easily portable device that is capable of receiving and/or transmitting data. These include, but are not limited to, notebook computers, handheld computers, PDAs (personal digital assistants), pagers, and cell phones.
- Private Key
- The secret key of a signature key pair used to create a digital signature and/or to decrypt confidential information.
- Public Key
- The publicly available key of a signature key pair used to validate a digital signature and/or to encrypt confidential information.
- Recoverability
- A capability provided to a user or a department in the event access to encrypted data is required but the normal decryption capability is not available (e.g., a pass phrase is forgotten, a user is no longer affiliated with the university, etc.) Services escrowing the encryption keys are capable of providing such a recovery function. Recoverability may be less essential to some users encrypting data if an original copy is stored on a central file server with reliable backup procedures in place. See also: Encryption
- Sensitive Information
- Information maintained by the university that requires special precautions to protect it from unauthorized modification or deletion. Sensitive information may be either public or confidential. It is information that requires a higher than normal assurance of accuracy and completeness. The controlling factor for sensitive information is that of integrity.
- Any computer providing a service over the network. Services include, but are not limited to: website publishing, SSH, chat, printing, wireless access, and file sharing.
- Strong Passwords
- A strong password is constructed so that it cannot be easily guessed by another user or a "hacker" program. It is typically a minimum number of positions in length and contains a combination of alphabetic, numeric, or special characters.
- An individual who is the subject or entity designee named or identified in a certificate issued to that individual and possesses a private key, which corresponds to the public key listed in the certificate.
- Symmetric Encryption
- Cryptography in which the same key is used to both encrypt and decrypt the message. Requires a separate secure channel to exchange keys.
- Unauthorized Disclosure
- The intentional or unintentional revealing of restricted information to people who do not have a legitimate need to access that information.
- Whole-disk encryption
- A technique where software or hardware encrypts every bit of data that is stored on a disk (e.g., everything on the hard drive including the operating system.) See also: Encryption, File-level encryption
Last updated December 10, 2012 @ 2:49 pm