The University of Texas at Austin

Digital Certificates

Data Encryption Glossary

The terms listed in this glossary are all defined as part of the Data Encryption Guidelines.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A

Asymmetric Encryption

Cryptography in which a pair of keys is used to encrypt and decrypt a message. The sender of the message encrypts the message with the recipient's public key. The recipient then decrypts the message with his/her private key.

Back to top

C

Category-I Data

University data protected specifically by federal or state law or University of Texas rules and regulations (e.g., HIPAA; FERPA; Sarbanes-Oxley, Gramm-Leach-Bliley; the Texas Identity Theft Enforcement and Protection Act; University of Texas System Business Procedure Memoranda; specific donor or employee data). University data that are not otherwise protected by a known civil statute or regulation, but which must be protected due to university contractual agreements requiring confidentiality, integrity, or availability considerations (e.g., Non Disclosure Agreements, Memoranda of Understanding, Service Level Agreements, Granting or Funding Agency Agreements, etc.) are also included (see extended list of Category I data classification examples)

Category-II Data

University data not otherwise identified as Category-I data, but which are releasable in accordance with the Texas Public Information Act (e.g., contents of specific email, date of birth, salary, etc.) Such data must be appropriately protected to ensure a controlled and lawful release.

Category-III Data

University data that are not otherwise identified as Category-I or Category-II data (e.g., publicly available). Such data have no requirement for confidentiality, integrity, or availability.

Certificate Authority (CA)

A trusted third party whose purpose is to sign certificates for network entities it has authenticated using secure means. Other network entities can check the signature to verify that a CA has authenticated the bearer of a certificate.

Certificate Management Plan (or Certificate Policy)

The administrative policy for key and certificate management. This plan addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of encryption key and digital certificates. For an example, refer to the X.500 Certificate Policy for the Virginia Polytechnic Institute and State University.

Certificate Practice Statement (CPS)

A statement of the practices, which a certification authority employs in issuing certificates. See examples at the University of Washington and Virginia Polytechnic Institute and State University.

Confidential

The classification of data of which unauthorized disclosure/use could cause serious damage to an organization or individual.

Confidential Information

Information maintained by state agencies and universities that is exempt from disclosure under the provisions of the Public Records Act or other applicable state and federal laws. The controlling factor for confidential information is dissemination.

Custodian

Guardian or caretaker; the holder of data, the agent charged with implementing the controls specified by the owner. The custodian is responsible for the processing and storage of information. The custodians of information resources, including entities providing outsourced information resources services to the university, must:

  • Implement the controls specified by the owner(s).

  • Provide physical and procedural safeguards for the information resources.

  • Assist owners in evaluating the cost-effectiveness of controls and monitoring.

  • Implement the monitoring techniques and procedures for detecting, reporting, and investigating incidents.

Back to top

D

Data

Research Data are recorded information, regardless of form in which the information may be recorded, that constitutes the original data that are necessary to support research activities and validate research findings. Research data may include but are not limited to: printed records, observations and notes; electronic data; video and audio records, photographs and negatives, etc.

Digital Research Data are defined as the subset of research data as defined below that are transmitted by or maintained in, electronic format and include any of the following: (a) Electronic storage data including storage devices in computers (hard drives, memory) and any removable/transportable digital storage medium, such as magnetic tape or disk, optical disk, or digital memory card; or (b) Transmission data used to exchange information already in electronic storage format. Transmission data include, for example, the Internet (wide-open), extranet (using Internet technology to link a business with information accessible only to collaborating parties), leased lines, dial-up lines, private networks, intranet, and the physical movement of removable/transportable electronic storage data.

Sensitive Digital Research Data are data defined by the university as Category-I data.

Category-I data are university data protected specifically by federal or state law or University of Texas rules and regulations (e.g., HIPAA; FERPA; Sarbanes-Oxley, Gramm-Leach-Bliley; the Texas Identity Theft Enforcement and Protection Act; University of Texas System Business Procedure Memoranda; specific donor or employee data). University data that are not otherwise protected by a known civil statute or regulation, but which must be protected due to university contractual agreements requiring confidentiality, integrity, or availability considerations (e.g., Non Disclosure Agreements, Memoranda of Understanding, Service Level Agreements, Granting or Funding Agency Agreements, etc.) are also included (see extended list of Category I data classification examples).

Category-II data are university data not otherwise identified as Category-I data, but which are releasable in accordance with the Texas Public Information Act (e.g., contents of specific email, date of birth, salary, etc.) Such data must be appropriately protected to ensure a controlled and lawful release.

Category-III data are university data that are not otherwise identified as Category-I or Category-II data (e.g., publicly available). Such data have no requirement for confidentiality, integrity, or availability.

Data Encrypting Keys

Keys used with symmetric key algorithms to apply confidentiality protection to information.

Data Stewardship

Data stewardship is the formalization of accountability for the management of the university's data.

Digital Certificate

A data structure used in a public key system to bind a particular, authenticated individual to a particular public key.

Digital Signature

A digital signature is a type of electronic signature, which cannot be forged. A digital signature provides verification to the recipient that the file came from the user or entity identified as the sender, and that it has not been altered since it was signed. (See Digital Signature Standard [DSS].)

Back to top

E

Encryption

The process of converting data into a cipher or code in order to prevent unauthorized access. Encryption obfuscates data in such a manner that a specific algorithm and key are required to interpret the cipher or code. The keys are binary values that may be interpretable as the codes for text strings, or they may be arbitrary numbers. The purpose of encryption is to prevent unauthorized access to data while it is either in storage or being transmitted. See also: File-level encryption, Recoverability, Whole-disk encryption

Escrow

Data decryption keys held in trust by a third party to be turned over to the user only upon fulfillment of specific authentication conditions.

Back to top

F

File-level encryption

A technique where individual files or directories are encrypted by the computer's file system itself. Unlike whole-disk encryption, file-level encryption generally does not encrypt file metadata (e.g., the directory structure, file names, modification timestamps or sizes.) See also: Encryption, Whole-disk encryption

Back to top

H

Hardware Security Module (HSM)

A hardware-based security device that generates, stores and protects cryptographic keys. It provides the foundation for a high-level secure campus certification authority.

Back to top

I

Information Security Officer (ISO)

Responsible to the Information Resource Manager (IRM) for administering the information security functions within the university. The ISO is the university's internal and external point of contact and internal resource for all information security matters. The ISO leads the Computer Incident Response Team when security incidents occur and reports to the IRM. If an ISO is not designated, the IRM serves in this capacity.

Integrity

The accuracy and completeness of information and assets and the authenticity of transactions.

Back to top

K

Key Encrypting Keys

Keys used to encrypt other keys using symmetric key algorithms. Key encryption keys are also known as key wrapping keys.

Key Management

The activities involving the handling of encryption keys and other related security parameters (e.g., passwords) during the entire life cycle of the encryption keys, including their generation, storage, establishment, entry and output, and destruction.

Key Management Infrastructure

The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of all cryptographic material, including symmetric keys, as well as public keys and public key certificates. It includes all elements (hardware, software, other equipment, and documentation); facilities; personnel; procedures; standards; and information products that form the system that distributes, manages, and supports the delivery of cryptographic products and services to end users.

Key Manager

Controls the generation, storage and distribution of cryptographic keys.

Back to top

M

Master Keys

Keys used to derive other symmetric keys (e.g., data encryption keys, key encrypting keys) using symmetric cryptographic methods.

Back to top

N

Network

All associated equipment and media creating electronic transmission between any information resource(s), such as wired, optical, wireless, IP, synchronous serial, telephony, etc.

Back to top

O

Owner

The authoritative head of the respective college, school, or unit. The owner is responsible for the function that is supported by the resource or for carrying out the program that uses the resources. The owner of a collection of information is the person responsible for the business results of that system or the business use of the information. Where appropriate, ownership may be shared by managers of different departments. The owner or his designated representatives are responsible for and authorized to:

  • Approve access and formally assign custody of an information resources asset.

  • Determine the asset's value.

  • Specify and establish data control requirements that provide security, and convey them to users and custodians.

  • Specify appropriate controls, based on risk assessment, to protect the state's information resources from unauthorized modification, deletion, or disclosure. Controls shall extend to information resources outsourced by the university.

  • Confirm that controls are in place to ensure the accuracy, authenticity, and integrity of data.

  • Confirm compliance with applicable controls.

  • Assign custody of information resources assets and provide appropriate authority to implement security controls and procedures.

  • Review access lists based on documented security risk management decisions.

Back to top

P

Portable Computing Devices

Any easily portable device that is capable of receiving and/or transmitting data. These include, but are not limited to, notebook computers, handheld computers, PDAs (personal digital assistants), pagers, and cell phones.

Private Key

The secret key of a signature key pair used to create a digital signature and/or to decrypt confidential information.

Public Key

The publicly available key of a signature key pair used to validate a digital signature and/or to encrypt confidential information.

Back to top

R

Recoverability

A capability provided to a user or a department in the event access to encrypted data is required but the normal decryption capability is not available (e.g., a pass phrase is forgotten, a user is no longer affiliated with the university, etc.) Services escrowing the encryption keys are capable of providing such a recovery function. Recoverability may be less essential to some user's encrypting data if an original copy is stored on a central file server with reliable backup procedures in place. See also: Encryption

Back to top

S

Sensitive Information

Information maintained by the university that requires special precautions to protect it from unauthorized modification or deletion. Sensitive information may be either public or confidential. It is information that requires a higher than normal assurance of accuracy and completeness. The controlling factor for sensitive information is that of integrity.

Server

Any computer providing a service over the network. Services include, but are not limited to: website publishing, SSH, chat, printing, wireless access, and file sharing.

Strong Passwords

A strong password is constructed so that it cannot be easily guessed by another user or a "hacker" program. It is typically a minimum number of positions in length and contains a combination of alphabetic, numeric, or special characters.

Subscriber

An individual who is the subject or entity designee named or identified in a certificate issued to that individual and possesses a private key, which corresponds to the public key listed in the certificate.

Symmetric Encryption

Cryptography in which the same key is used to both encrypt and decrypt the message. Requires a separate secure channel to exchange keys.

Back to top

U

Unauthorized Disclosure

The intentional or unintentional revealing of restricted information to people who do not have a legitimate need to access that information.

Back to top

W

Whole-disk encryption

A technique where software or hardware encrypts every bit of data that is stored on a disk (e.g., everything on the hard drive including the operating system.) See also: Encryption, File-level encryption

Trouble viewing the documents available on this page? Download the Adobe PDF Reader.

Last updated December 10, 2012 @ 2:49 pm

We Can Help

Get help from an expert:

* ITS Help and Service Desk

* Call us at 512-475-9400

* Submit a help request online

We also have a walk-in service in the first floor lobby of the Flawn Academic Center (FAC). Stop by and let us help you!