The following words and terms, when used in this chapter, shall have the following meanings, unless the context clearly indicates otherwise. (1) Access--To approach, interact with, or otherwise make use of information resources. (2) Business Continuity Planning--The process of identifying critical data systems and business functions, analyzing the risks and probabilities of service disruptions and developing procedures to restore those systems and functions. (3) Confidential Information--Information that is excepted from disclosure requirements under the provisions of applicable state or federal law, e.g. the Texas Public Information Act. (4) Control--Any action, device, policy, procedure, technique, or other measure that improves security. (5) Custodian of an Information Resource--A person responsible for implementing owner-defined controls and access to an information resource. (6) Department--The Department of Information Resources. (7) Information Resources--Is defined in §2054.003(7), Texas Government Code and/or other applicable state or federal legislation. (8) Information Security Program--The elements, structure, objectives, and resources that establish an information resources security function within an institution of higher education, or state agency. (9) Mission Critical Information--Information that is confidential or is defined by the institution of higher education, or state agency to be essential to the institution of higher education, or state agency function(s). (10) Owner of an Information Resource--A person responsible: (A) For a business function; and (B) For determining controls and access to information resources supporting that business function. (11) Platform--The foundation technology of a computer system. The hardware and systems software that together provide support for an application program. (Ref: Practices for Protecting Information Resources Assets.) (12) Security Incident--An event which results in unauthorized access, loss, disclosure, modification, disruption, or destruction of information resources whether accidental or deliberate. (13) Security Risk Analysis--The process of identifying and documenting vulnerabilities and applicable threats to information resources. (14) Security Risk Assessment--The process of evaluating the results of the risk analysis by projecting losses, assigning levels of risk, and recommending appropriate measures to protect information resources. (15) Security Risk Management--Decisions to accept exposures or to reduce vulnerabilities. (16) Test--A simulated or documented "real-live" incident for which records are kept of the incident. (17) User of an Information Resource--An individual or automated application authorized to access an information resource in accordance with the owner-defined controls and access rules. (18) Vulnerability Report--A computer related report containing information described in §2054.077(b), Government Code, as that section may be amended from time to time. |
