Glossary

A general glossary or dictionary of terms.

Item Description
Acceptable Risk The level of Residual Risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT system.
Access Ability to make use of any information system resource.
Access Control Process of granting access to information system resources only to authorized users, programs, processes, or other systems.
Accountability The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.
ADA Americans with Disabilities
Administrative Controls (Safeguards) Administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.
ADT Associate Degree Transfer
Alias / Persona A digital identity that is not directly or openly correlated to a real world identity.
API Application Programming Interface
Application A software program hosted by an information system.
ARB Architecture Review Board
ARCC Accountability Reporting for the Community Colleges
Artifact A piece of evidence, such as text or a reference to a resource, that is submitted to support a response to a question.
ASCCC Academic Senate for California Community Colleges
Asset Anything that has value to an organization, including, but not limited to, another organization, person, computing device, information technology (IT) system, IT network, IT circuit, software (both an installed instance and a physical instance), virtual computing platform (common in cloud and virtualized computing), and related hardware (e.g., locks, cabinets, keyboards).
ASSIST Articulation System Stimulating Inter-Institutional Student Transfer
Attack Surface The set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.
Audit Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.
Authentication The process or action of verifying the identity of a user or process. User authentication for each device ensures that the individual using the device is recognized by the company.
Authority The aggregate of people, procedures, documentation, hardware, and/or software necessary to authorize and enable security-relevant functions.
Authorization Authorization is the function of specifying access rights/privileges to resources, which is related to information security and computer security in general and to access control in particular. More formally, "to authorize" is to define an access policy.
Availability Ensuring timely and reliable access to and use of information.
Awareness, Training, and Education Controls include (1) awareness programs which set the stage for training by changing organizational attitudes to realize the importance of security and the adverse consequences of its failure, (2) training which teaches people the skills that will enable them to perform their jobs more effectively, and (3) education which is targeted for IT security professionals and focuses on developing the ability and vision to perform complex, multi-disciplinary activities.
AWS Amazon Web Services
Backup A copy of files and programs made to facilitate recovery if necessary.
Baseline Configuration A set of specifications for a system, or items within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.
BCP Business Continuity Plan
BI Business Intelligence
Boundary Physical or logical perimeter of a system.
Business Continuity Plan The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption.
Business Impact Analysis An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.
Business Partner The business owner is the senior official or executive within an organization with specific mission or line of business responsibilities and that has a security and privacy interest in the organizational systems supporting those missions or lines of business. Business owners are key stakeholders that have a significant role in establishing organizational business processes and the protection needs and security and privacy requirements that ensure the successful conduct of the organization’s business operations.
CAI Common Assessment Initiative
CalREN California Research and Education Network
CANVAS Is a Learning Management System (LMS)
CAP California Acceleration Project (CAP)
CBO Chief Business Officer
CBS Chief Business Officer
CCCCAP California Community Colleges Core Apps Program
CCCCCC California Community Colleges Career Coach
CCCDW CCC Data Warehouse
CCCTC California Community Colleges Tech Center
cccTOM California Community Colleges Transformation Operating Model
CCD Community College District
CCFS
CCFS311
CCGI CCCData
CCM Change Configuration Management
CCO ?Chief Compliance Officer? - usually not data but may be financial or academic standards
CCP
CCPG California College Promise Grant
CCRC Community College Research Center
CDE
CDO Chief Data Officer
CENIC Corporation for Educational Network Initiatives in California
CEO Chief Educational Officer
CFFP College Finance and Facilities Planning
Chain of Custody A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.
Change (aka Security-Related Change) Any change to a system’s configuration, environment, information content, functionality, or users which has the potential to change the risk imposed upon its continued operations.
C-ID Course Identification Numbering System
CIO Chief Information Officer
CIO[a] Chief Instructional Officer (Alternative)
CIRT Computer or Cyber Incident Response Team
CISO Chief Information Systems Officer possibly "Chief Cyber Security Officer" (CCSO)
CISO[a] Chief Information Security Officer (Alternative)
Client A system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server.
Cloud Computing A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
CMS Canvas
CO Chancellor's Office
COA Certificate of Achievement (COA) pathways
COCI Chancellor's Office Curriculum Inventory
Cold Site A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event that the user has to move from their main computing location to an alternate site.
COMIS Chancellor’s Office Management Information System
Community Cloud The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
Compensating Control Security control employed in lieu of the recommended controls that provides equivalent or comparable protection for an information system or organization.
Confidentiality Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Configuration The possible conditions, parameters, and specifications with which an information system or system component can be described or arranged.
Configuration Management A collection of activities focused on establishing and maintaining the integrity of products and systems, through control of the processes for initializing, changing, and monitoring the configurations of those products and systems.
COREAPS CCC Core Applications
COREAPS1 COREAPS1 - CCC Core Applications Project (CCCCAP) (19-081-101)
COREAPS2 COREAPS2 - CCC Core Applications Project (CCCCAP) (19-081-102)
COTOP CO Tax Offset Program
CPO Chief Privacy Officer
CR Change Request
Criticality A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function.
CSSO Chief Students Services Officer
CSU California State University
CTC
CTE Career and Technical Education
CTO Chief Technology Officer
CVC California Virtual Campus
CVC-OEI California Virtual College, Online Education Initiative
CVE Common Vulnerability Enumeration
CVSS A system for measuring the relative severity of software flaw vulnerabilities.
Cybersecurity Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.
Data Access* refers to a user's ability to access or retrieve data stored within a database or other repository. This definition includes terms, but is not limited to read, write, delete, modify, export, and/or print data.
Data Custodian Data Custodians are responsible for the safe custody, transport, storage of the data and implementation of business rules. Simply put, Data Stewards are responsible for what is stored in a data field, while Data Custodians are responsible for the technical environment and database structure.
Data Governance Data governance is a data management concept concerning the capability that enables an organization to ensure that high data quality exists throughout the complete lifecycle of the data. The key focus areas of data governance include availability, usability, consistency[1], data integrity and data security and includes establishing processes to ensure effective data management throughout the enterprise such as accountability for the adverse effects of poor data quality and ensuring that the data which an enterprise has can be used by the entire organization.
Data Integrity The accuracy and consistency of stored data, indicated by an absence of any alteration in data between two updates of data record. Data integrity is imposed within the datastore at its design stage through the use of standard rules and procedures, and is maintained through the use of error checking and validation routines.
Data Owner Data ownership is the act of having legal rights and complete control over a single piece or set of data elements. It defines and provides information about the rightful owner of data assets and the acquisition, use and distribution policy implemented by the Data Owner. The Data Owner has the ability to create, edit, modify, share and restrict access to the data. The Data Owner claims the possession to such data to ensure their control and ability to take legal action if their ownership is illegitimately breached by an internal or external entity.
Data Steward A Data Steward is a job role that involves planning, implementing and managing the sourcing, use and maintenance of data assets in an organization. Data Stewards enable an organization to take control and govern all the types and forms of data and their associated libraries or repositories. A Data Steward ensures that there are documented procedures and guidelines for data access and use. Data Stewards work with Data Owners, Data Users, Database Administrators and other related staff to plan and execute an enterprise-wide data governance, control and compliance policy.
Data User Data Users are required to follow all specific policies, guidelines, and procedures established by the administration, departments, or business units with which they are associated and that have provided them with access privileges. This includes information confidentiality and any reports from the dataset should not be shared or made accessible to others without express permission of the Data Owner. The Data User is also charged with ensuring the security of any sensitive organizational data and should not leave copies of this data in unencrypted form on laptops or removable media.
DataDef Data Definitions and Harmonization
DataLake CCCData
Defense-in-Depth Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.
Denial of Service The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided).
Deny by Default To block all inbound and outbound traffic that has not been expressly permitted by firewall policy.
Destruction The process of overwriting, erasing, or physically destroying information so that it cannot be recovered.
DGC Data Governance Council
DGS Department of General Services
Dict CCCData
Digital Forensics The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
Digital Identity A unique fact of being in the digital world that may be connected to a real world fact (digital twin) or may not (alias/persona).
Digital Media A form of electronic media where data is stored in digital (as opposed to analog) form (e.g., hard disk drive, flash drive, CD, DVD, etc.)
Digital Signature The result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer non-repudiation.
Digital Twin When the digital identity is tightly aligned with the real world identity, it is often called a “Digital Twin.”
Disaster Recovery (DR) Disaster recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events. Disaster recovery can therefore be considered as a subset of business continuity.
DMZ A network created by connecting two firewalls. Systems that are externally accessible but need some protections are usually located on DMZ networks.
DR Disaster Recovery
DSP Data Services Program
DST Data Science Tools
DSTSC Data Science Tools (DST) Steering Committee
DSWG Data Stewards Working Group
DTAC District Technology Advisory Committee
DWRPT CCCData
EA Enterprise Architecture
EAP? Enterprise Architecture Program
EDS Enterprise Data Strategy
EdTech Education Technology
EdTech Portfolio The combined portfolio of products and services funded by Prop 98 funding.
Encryption Any procedure used in cryptography to convert plain text into cipher text to prevent anyone but the intended recipient from reading that data.
Enterprise Architecture The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.
Enterprise Resource Planning (ERP) System A system that integrates enterprise-wide information including human resources, financials, manufacturing, and distribution as well as connects the organization to its customers and suppliers.
EPO Emergency Power Off; generally refers to the switch in data centers which provides capability to switch off power in emergencies.
EPPM Enterprise Project Management Office
ERP Enterprise Resource Planning
ETL Extract Transform Load
eTranscriptCA
Event Any observable occurrence in an information system.
External Vendors The scope of the Policy also includes external vendors or third party suppliers whose technology services are contracted and utilized by CCCCO information systems (examples include, but are not limited to, storage cloud providers, point to point network service providers).
Facilities Physical facilities, buildings, sites used to host or operate CCCCO’s information systems classified Medium, High or Mission-Critical.
FAQ Frequently Asked Questions
Fault Tolerance A property of a system that allows proper operation even if components fail.
FCCC
FERPA Family Educational Rights and Privacy Act
Firewall Gateway that limits access between networks in accordance with local security policy.
FKCE Foster Kinship Care Education
FY Fiscal year
GDS
GDSM
GMC Grant Master Charter
GP Grant Planning (also sometimes "Workplan")
Grantee A college that is a recipient of Prop 98 funding in CA through the grant process or direct funding.
Hashing The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data.
Hobson Hobson Starfish
Hot Site A fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption.
HTC
Hybrid Cloud The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
IaaS Infrastructure as a Service
ICF SIP Project?
Identification The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system.
Identity The unique fact of being who or what a person or thing is.
Identity, Credential, and Access Management Programs, processes, technologies, and personnel used to create trusted digital identity representations of individuals and non-person entities (NPEs), bind those identities to credentials that may serve as a proxy for the individual or NPE in access transactions, and leverage the credentials to provide authorized access to an agency’s resources.
Idp Information Security Services
Impact The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.
Incident An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
Incident Response Plan The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber-attacks against an organization’s information systems.
Information Integrity Assurance that the data being accessed or read has neither been tampered with, nor been altered or damaged through a system error, since the time of the last authorized access.
Information Security The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Information Security Officer Senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Information Security Program (aka IT Security Program) A program established, implemented, and maintained to assure that adequate IT security is provided for all organizational information collected, processed, transmitted, stored, or disseminated in its information technology systems. Synonymous with Automated Information System Security Program, Computer Security Program, and Information Systems Security Program.
Information System (aka System) A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
Information System Owner Person responsible for maintaining and operating a given information system.
Insider Threat An entity with authorized access (i.e., within the security domain) that has the potential to harm an information system or enterprise through destruction, disclosure, modification of data, and/or denial of service.
Integrity Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.
IoT Internet of Things
IR what is IR (as in IR policy)
ISO Information Security Officer/Specialist
ISS Information Security Services
ITSM ServiceNow ITSM/CSM
IVR Integrated Voice Response
JDBC Java based Database Connectivity
KPI Key Performance Indicator
Label The means used to associate a set of security attributes with a specific information object as part of the data structure for that object.
Launch LaunchBoard
LEAs Local Educational Agencies
LibServ Int Library Services
Likelihood A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability.
Log A record of the events occurring within an organization’s systems and networks.
M&O Maintenance and Operations
Maintenance Any act that either prevents the failure or malfunction of equipment or restores its operating capability.
Malicious Code Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code.
Malware A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim.
Maximum Tolerable Downtime The amount of time a mission/business process can be disrupted without causing significant harm to the organization’s mission.
MDM Master Data Management
MIS Management Information Systems
Mission-Critical Functionality Any system function, the compromise of which would degrade the effectiveness of that system in achieving the core mission for which it was designed.
MMI
MMPI Multiple Measures and Placement Initiative
MMPP Multiple Measures Placement
MMPS Multiple Measures Placement Service
Mobile Code Software programs or parts of programs obtained from remote systems, transmitted across a network, and executed on a local system without explicit installation or execution by the recipient.
Mobile Device A portable computing device that: (i) has a small form factor such that it can easily be carried by a single individual; (ii) is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); (iii) possesses local, non-removable data storage; and (iv) is powered-on for extended periods of time with a self-contained power source. Mobile devices may also include voice communication capabilities, on board sensors that allow the device to capture (e.g., photograph, video, record, or determine location) information, and/or built-in features for synchronizing local data with remote locations. Examples include smart phones, tablets, and E-readers.
Monitoring Continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected.
MOU Memorandum of Understanding
Multi-factor Authentication Authentication using two or more factors to achieve authentication. Factors are (i) something you know (e.g., password/personal identification number); (ii) something you have (e.g., cryptographic identification device, token); and (iii) something you are (e.g., biometric).
N/A Online Course Exchange
National Vulnerability Database (NVD) The U.S. Government repository of standards-based vulnerability management data, enabling automation of vulnerability management, security measurement, and compliance (e.g., FISMA).
NEC National Electric Code
Network A system implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.
Network Address Translation (NAT) A mechanism for mapping addresses on one network to addresses on another network, typically private addresses to public addresses.
NFPA National Fire Protection Association.
NIST National Institute of Standards and Technology, a US Federal Agency that creates standards including various forms of cybersecurity guidance.
NIST 800-171 Subset of NIST 800-53 for Controlled Unclassified Data (PII) in nonfederal systems and organizations. https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final
NIST 800-53 A cross-industry standard for information security that defines security controls across 18 different security families. This is a more sweeping standard and may be overkill for CCC purposes. https://nvd.nist.gov/800-53 See NIST 800-171.
Non-Digital Media A form of media where data is stored in an analog format (e.g., paper).
Non-Repudiation Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.
NOVA The NOVA reporting system is the online, digital submission platform for plans and reports for the California Community Colleges.
Obfuscation The art and science of making sure a "reasonable person" cannot uniquely identify a unitary record from aggregate data.
OCM Organizational Change Management
ODBC Open Database Connectivity
OEI Online Education Initiative
OpenCCC OpenCCC
OTC Online Teaching Conference
Outward-facing Description of a system that is connected directly to the Internet.
PaaS Platform as a Service
Password A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
PCI DSS Payment Card Industry Data Security Standard. This industry standard focuses on securing credit card data. https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf?agreement=true
Penetration Testing A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.
People All security staff, technical support staff, contractors, business partners and vendors, using CCC information systems.
PEP Ed Plan
Personally Identifiable Information (PII) Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
Personnel Security The discipline of assessing the conduct, integrity, judgment, loyalty, reliability, and stability of individuals for duties and responsibilities requiring trustworthiness.
PESC Postsecondary Electronic Standards Council
Phishing Tricking individuals into disclosing sensitive personal information through deceptive computer-based means.
Physical Controls (aka Physical Safeguards) Physical measures, policies, and procedures to protect a covered entity's electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion.
PM Project Manager
PMBOK Project Management Body of Knowledge
PMF Performance Management Framework (PMF) DC PCSB's Performance Management Framework (or PMF) is used to produce the annual School Quality Report for each public charter school for which it provides oversight. DC PCSB uses the tool to review each school's academic performance annually.
PMI Project Management Institute
PMO Project Management Office
POC Proof of Concept
POCR Peer Online Course Review
Policy Statements, rules or assertions that specify the correct or expected behavior of an entity. For example, an authorization policy might specify the correct access control rules for a software component.
Portal Portal Rationalization & Consolidation
PPM Program and Portfolio Management
Private Cloud The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
Privileged User A user that is authorized (and therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.
Production Environment An environment where functionality and availability must be ensured for the completion of day-to-day activities.
Prop 98 A piece of CA legislation that funds Ed Tech efforts in the CCC. It is managed by the CCCCO and executed by colleges under the CCCCO's direction
Protocol A set of rules (i.e., formats and procedures) to implement and control some type of association (e.g., communication) between systems.
PRT Resource Peer Team
Public Cloud The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
RACI Role and Responsibility Definition
RAID Log supporting tracking of project Risks, Actions, Issues, Decisions
RCO Recovery Capacity Objective
Reconstitution Activities that take place after recovery to return information systems to fully operational states.
Recovery Executing information system contingency plan activities to restore business functions (either during contingency plan testing or after the contingency plan has been invoked).
Removable Media Portable data storage medium that can be added to or removed from a computing device or network.
Residual Risk Portion of risk remaining after security measures have been applied.
RFA Request for Assistance
RFP Request for Proposals
Risk A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically is a function of: (i) the adverse impact, or magnitude of harm, that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.
Risk Assessment The process of identifying risks to organizational operations (including mission, functions, image, and reputation), organizational assets, and individuals resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Risk Register A central record of current risks and related information for a given scope or organization. Current risks are comprised of both accepted risks and risks that have a planned mitigation path.
RPO The point in time to which data must be recovered after an outage.
RTO The overall length of time an information system’s components can be in the recovery phase before negatively impacting the organization’s mission or mission/business processes.
S3 Single Storage Service
SaaS Software as a Service
Salt A non-secret value used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker.
Sanitization Process to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs.
SB Student Basic and Student Financial. The related set is SX which is Student Enrollment
SCFF Student Centered Funding Formula
SDLC System Development Life Cycle: the scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation.
Security Controls A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.
Security Plan Formal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements.
Server A system entity that provides a service in response to requests from clients.
Session A persistent interaction between a subscriber and an end point. A session begins with an authentication event and ends with a session termination event.
SF Student Basic and Student Financial. The related set is SX which is Student Enrollment
SIP Shared Infrastructure Program
SIS Student Information Systems
SME Subject Matter Expert
SOA Service-Oriented Architecture
SOAA Scale of Adoption Assessment (related to Guided Pathways)
SOP Standard Operating Procedure
SOW Statement of Work
Spam The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. Also, irrelevant or inappropriate messages sent on the Internet to a large number of recipients.
SSI (Self-Sovereign-Identity) Self-sovereign identity (SSI) is a term used to describe the digital movement that recognizes an individual should own and control their identity without the intervening administrative authorities. SSI allows people to interact in the digital world with the same freedom and capacity for trust as they do in the offline world.
SSLC Information Security Services
SSM Student Success Metrics
SSO Single Sign On
SSOProxy Information Security Services
SSTF Student Success Task Force
Sub-Grantee An organization or vendor that is sub-contracted or financed by a college to execute grant activities
SWP Strong Workforce Program
SX Student Basic and Student Financial. The related set is SX which is Student Enrollment
System Component (aka Component) A discrete identifiable information technology asset that represents a building block of a system and may include hardware, software, and firmware.
System Integrity State of a system where it is performing its intended functions without being degraded or impaired by changes or disruptions in its internal or external environments. The quality that a system has when performing the intended function in an unimpaired manner, free from unauthorized manipulation.
TAP Technical Assistance Program
TC TechConnect Cloud
TCO Total Cost of Ownership
TFS Team Foundation Server
Threat Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.
Total Risk The potential for the occurrence of an adverse event if no mitigating action is taken (i.e., the potential for any applicable threat to exploit a vulnerability)
TRP Technical Review Panels
TTAC Telecommunications and Technology Advisory Committee
UC University of California
User Individual, or (system) process acting on behalf of an individual, authorized to access an information system.
Vendor (aka Third Party Provider) Service providers, integrators, vendors, telecommunications, and infrastructure support that are external to the organization
VESDA Very Early Smoke Detection Apparatus
Virtualization The simulation of the software and/or hardware upon which other software runs.
Vulnerability Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.
Vulnerability Assessment Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.
Warm Site An environmentally conditioned work space that is partially equipped with information systems and telecommunications equipment to support relocated operations in the event of a significant disruption.
WEDD Workforce & Economic Development
WestEd
WIOA Workforce Innovation and Opportunity Act (an EDD acronym)
Wireless Technology Technology that permits the transfer of information between separated points without physical connection. Wireless technologies include microwave, packet radio (ultra-high frequency or very high frequency), 802.11x, and Bluetooth.
WPOA Work Plan Objective Agreements
xEnroll Cross Enrollment
z Course Exchange (specifically, automated cross enrollment), Common Course Management System (Canvas)