Acceptable Risk
|
The level of Residual Risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT system
|
Access
|
Ability to make use of any information system resource.
|
Access Control
|
Process of granting access to information system resources only to authorized users, programs, processes, or other systems.
|
Accountability
|
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.
|
ADA
|
Americans with Disabilities
|
Administrative Controls (Safeguards)
|
Administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.
|
ADT
|
Associate Degree Transfer
|
Alias / Persona
|
A digital identity that is not directly or openly correlated to a real world identity.
|
API
|
Application Programming Interface
|
Application
|
A software program hosted by an information system.
|
ARB
|
Architecture Review Board
|
ARCC
|
Accountability Reporting for the Community Colleges
|
Artifact
|
A piece of evidence, such as text or a reference to a resource, that is submitted to support a response to a question.
|
ASCCC
|
Academic Senate for California Community Colleges
|
Asset
|
Anything that has value to an organization, including, but not limited to, another organization, person, computing device, information technology (IT) system, IT network, IT circuit, software (both an installed instance and a physical instance), virtual computing platform (common in cloud and virtualized computing), and related hardware (e.g., locks, cabinets, keyboards).
|
ASSIST
|
Articulation System Stimulating Inter-Institutional Student Transfer
|
Attack Surface
|
The set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.
|
Audit
|
Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.
|
Authentication
|
The process or action of verifying the identity of a user or process. User authentication for each device ensures that the individual using the device is recognized by the company.
|
Authority
|
The aggregate of people, procedures, documentation, hardware, and/or software necessary to authorize and enable security-relevant functions.
|
Authorization
|
Authorization is the function of specifying access rights/privileges to resources, which is related to information security and computer security in general and to access control in particular. More formally, "to authorize" is to define an access policy.
|
Availability
|
Ensuring timely and reliable access to and use of information.
|
Awareness, Training, and Education Controls
|
Include (1) awareness programs, which set the stage for training by changing organizational attitudes to realize the importance of security and the adverse consequences of its failure; (2) training, which teaches people the skills that will enable them to perform their jobs more effectively; and (3) education, which is targeted at IT security professionals and focuses on developing the ability and vision to perform complex, multi-disciplinary activities.
|
AWS
|
Amazon Web Services
|
Backup
|
A copy of files and programs made to facilitate recovery if necessary.
|
Baseline Configuration
|
A set of specifications for a system, or items within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.
|
BCP
|
Business Continuity Plan
|
BI
|
Business Intelligence
|
Boundary
|
Physical or logical perimeter of a system.
|
Business Continuity Plan
|
The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption.
|
Business Impact Analysis
|
An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.
|
Business Partner
|
The business owner is the senior official or executive within an organization with specific mission or line of business responsibilities and that has a security and privacy interest in the organizational systems supporting those missions or lines of business. Business owners are key stakeholders that have a significant role in establishing organizational business processes and the protection needs and security and privacy requirements that ensure the successful conduct of the organization’s business operations.
|
CAI
|
Common Assessment Initiative
|
CalREN
|
California Research and Education Network
|
CANVAS
|
Is a Learning Management System (LMS)
|
CAP
|
California Acceleration Project (CAP)
|
CBO
|
Chief Business Officer
|
CBS
|
Chief Business Officer
|
CCCCAP
|
California Community Colleges Core Apps Program
|
CCCCCC
|
California Community Colleges Career Coach
|
CCCDW
|
CCC Data Warehouse
|
CCCTC
|
California Community Colleges Tech Center
|
cccTOM
|
California Community Colleges Transformation Operating Model
|
CCD
|
Community College District
|
CCFS
|
|
CCFS311
|
|
CCGI
|
CCCData
|
CCM
|
Change Configuration Management
|
CCO
|
?Chief Compliance Officer? - usually not data but may be financial or academic standards
|
CCP
|
|
CCPG
|
California College Promise Grant
|
CCRC
|
Community College Research Center
|
CDE
|
|
CDO
|
Chief Data Officer
|
CENIC
|
Corporation for Educational Network Initiatives in California
|
CEO
|
Chief Educational Officer
|
CFFP
|
College Finance and Facilities Planning
|
Chain of Custody
|
A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.
|
Change (aka Security-Related Change)
|
Any change to a system’s configuration, environment, information content, functionality, or users which has the potential to change the risk imposed upon its continued operations.
|
C-ID
|
Course Identification Numbering System
|
CIO
|
Chief Information Officer
|
CIO[a]
|
Chief Instructional Officer (Alternative)
|
CIRT
|
Computer or Cyber Incident Response Team
|
CISO
|
Chief Information Systems Officer possibly "Chief Cyber Security Officer" (CCSO)
|
CISO[a]
|
Chief Information Security Officer (Alternative)
|
Client
|
A system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server.
|
Cloud Computing
|
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
|
CMS
|
Canvas
|
CO
|
Chancellor's Office
|
COA
|
Certificate of Achievement (COA) pathways
|
COCI
|
Chancellor's Office Curriculum Inventory
|
Cold Site
|
A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event that the user has to move from their main computing location to an alternate site.
|
COMIS
|
Chancellor’s Office Management Information System
|
Community Cloud
|
The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
|
Compensating Control
|
Security control employed in lieu of the recommended controls that provides equivalent or comparable protection for an information system or organization.
|
Confidentiality
|
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
|
Configuration
|
The possible conditions, parameters, and specifications with which an information system or system component can be described or arranged.
|
Configuration Management
|
A collection of activities focused on establishing and maintaining the integrity of products and systems, through control of the processes for initializing, changing, and monitoring the configurations of those products and systems.
|
COREAPS
|
CCC Core Applications
|
COREAPS1
|
COREAPS1 - CCC Core Applications Project (CCCCAP) (19-081-101)
|
COREAPS2
|
COREAPS2 - CCC Core Applications Project (CCCCAP) (19-081-102)
|
COTOP
|
CO Tax Offset Program
|
CPO
|
Chief Privacy Officer
|
CR
|
Change Request
|
Criticality
|
A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function.
|
CSSO
|
Chief Students Services Officer
|
CSU
|
California State University
|
CTC
|
|
CTE
|
Career and Technical Education
|
CTO
|
Chief Technology Officer
|
CVC
|
California Virtual Campus
|
CVC-OEI
|
California Virtual College, Online Education Initiative
|
CVE
|
Common Vulnerability Enumeration
|
CVSS
|
A system for measuring the relative severity of software flaw vulnerabilities.
|
Cybersecurity
|
Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.
|
Data Access*
|
Refers to a user's ability to access or retrieve data stored within a database or other repository. This definition includes, but is not limited to, the ability to read, write, delete, modify, export, and/or print data.
|
Data Custodian
|
Data Custodians are responsible for the safe custody, transport, storage of the data and implementation of business rules. Simply put, Data Stewards are responsible for what is stored in a data field, while Data Custodians are responsible for the technical environment and database structure.
|
Data Governance
|
Data governance is a data management concept concerning the capability that enables an organization to ensure that high data quality exists throughout the complete lifecycle of the data. The key focus areas of data governance include availability, usability, consistency, data integrity and data security. It includes establishing processes to ensure effective data management throughout the enterprise, such as accountability for the adverse effects of poor data quality, and ensuring that the data which an enterprise has can be used by the entire organization.
|
Data Integrity
|
The accuracy and consistency of stored data, indicated by an absence of any alteration in data between two updates of data record. Data integrity is imposed within the datastore at its design stage through the use of standard rules and procedures, and is maintained through the use of error checking and validation routines.
|
Data Owner
|
Data ownership is the act of having legal rights and complete control over a single piece or set of data elements. It defines and provides information about the rightful owner of data assets and the acquisition, use and distribution policy implemented by the Data Owner. The Data Owner has the ability to create, edit, modify, share and restrict access to the data. The Data Owner claims the possession to such data to ensure their control and ability to take legal action if their ownership is illegitimately breached by an internal or external entity.
|
Data Steward
|
A Data Steward is a job role that involves planning, implementing and managing the sourcing, use and maintenance of data assets in an organization. Data Stewards enable an organization to take control and govern all the types and forms of data and their associated libraries or repositories. A Data Steward ensures that there are documented procedures and guidelines for data access and use. Data Stewards work with Data Owners, Data Users, Database Administrators and other related staff to plan and execute an enterprise-wide data governance, control and compliance policy.
|
Data User
|
Data Users are required to follow all specific policies, guidelines, and procedures established by the administration, departments, or business units with which they are associated and that have provided them with access privileges. This includes information confidentiality and any reports from the dataset should not be shared or made accessible to others without express permission of the Data Owner. The Data User is also charged with ensuring the security of any sensitive organizational data and should not leave copies of this data in unencrypted form on laptops or removable media.
|
DataDef
|
Data Definitions and Harmonization
|
DataLake
|
CCCData
|
Defense-in-Depth
|
Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.
|
Denial of Service
|
The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided).
|
Deny by Default
|
To block all inbound and outbound traffic that has not been expressly permitted by firewall policy.
|
Destruction
|
The process of overwriting, erasing, or physically destroying information so that it cannot be recovered.
|
DGC
|
Data Governance Council
|
DGS
|
Department of General Services
|
Dict
|
CCCData
|
Digital Forensics
|
The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
|
Digital Identity
|
A unique fact of being in the digital world that may be connected to a real world fact (digital twin) or may not (alias/persona).
|
Digital Media
|
A form of electronic media where data is stored in digital (as opposed to analog) form (e.g., hard disk drive, flash drive, CD, DVD, etc.)
|
Digital Signature
|
The result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer non-repudiation.
|
Digital Twin
|
When the digital identity is tightly aligned with the real world identity, it is often called a “Digital Twin.”
|
Disaster Recovery (DR)
|
Disaster recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events. Disaster recovery can therefore be considered as a subset of business continuity.
|
DMZ
|
A network created by connecting two firewalls. Systems that are externally accessible but need some protections are usually located on DMZ networks.
|
DR
|
Disaster Recovery
|
DSP
|
Data Services Program
|
DST
|
Data Science Tools
|
DSTSC
|
Data Science Tools (DST) Steering Committee
|
DSWG
|
Data Stewards Working Group
|
DTAC
|
District Technology Advisory Committee
|
DWRPT
|
CCCData
|
EA
|
Enterprise Architecture
|
EAP?
|
Enterprise Architecture Program
|
EDS
|
Enterprise Data Strategy
|
EdTech
|
Education Technology
|
EdTech Portfolio
|
The combined portfolio of products and services funded by Prop 98 funding.
|
Encryption
|
Any procedure used in cryptography to convert plain text into cipher text to prevent anyone but the intended recipient from reading that data.
|
Enterprise Architecture
|
The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.
|
Enterprise Resource Planning (ERP) System
|
A system that integrates enterprise-wide information including human resources, financials, manufacturing, and distribution as well as connects the organization to its customers and suppliers.
|
EPO
|
Emergency Power Off; generally refers to the switch in data centers which provides capability to switch off power in emergencies.
|
EPPM
|
Enterprise Project Management Office
|
ERP
|
Enterprise Resource Planning
|
ETL
|
Extract Transform Load
|
eTranscriptCA
|
|
Event
|
Any observable occurrence in an information system.
|
External Vendors
|
The scope of the Policy also includes external vendors or third party suppliers whose technology services are contracted and utilized by CCCCO information systems (Examples include, but not limited to, storage cloud providers, point to point network service providers).
|
Facilities
|
Physical facilities, buildings, sites used to host or operate CCCCO’s information systems classified Medium, High or Mission-Critical.
|
FAQ
|
Frequently Asked Questions
|
Fault Tolerance
|
A property of a system that allows proper operation even if components fail.
|
FCCC
|
|
FERPA
|
Family Educational Rights and Privacy Act
|
Firewall
|
Gateway that limits access between networks in accordance with local security policy.
|
FKCE
|
Foster Kinship Care Education
|
FY
|
Fiscal year
|
GDS
|
|
GDSM
|
|
GMC
|
Grant Master Charter
|
GP
|
Grant Planning (also sometimes "Workplan")
|
Grantee
|
A college that is a recipient of Prop 98 funding in CA through the grant process or direct funding.
|
Hashing
|
The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data.
|
Hobson
|
Hobson Starfish
|
Hot Site
|
A fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption.
|
HTC
|
|
Hybrid Cloud
|
The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
|
IaaS
|
Infrastructure as a Service
|
ICF
|
SIP Project?
|
Identification
|
The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system.
|
Identity
|
The unique fact of being who or what a person or thing is.
|
Identity, Credential, and Access Management
|
Programs, processes, technologies, and personnel used to create trusted digital identity representations of individuals and non-person entities (NPEs), bind those identities to credentials that may serve as a proxy for the individual or NPE in access transactions, and leverage the credentials to provide authorized access to an agency’s resources.
|
Idp
|
Information Security Services
|
Impact
|
The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.
|
Incident
|
An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
|
Incident Response Plan
|
The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber-attacks against an organization’s information systems.
|
Information Integrity
|
Assurance that the data being accessed or read has neither been tampered with, nor been altered or damaged through a system error, since the time of the last authorized access.
|
Information Security
|
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
|
Information Security Officer
|
Senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
|
Information Security Program (aka IT Security Program)
|
A program established, implemented, and maintained to assure that adequate IT security is provided for all organizational information collected, processed, transmitted, stored, or disseminated in its information technology systems. Synonymous with Automated Information System Security Program, Computer Security Program, and Information Systems Security Program.
|
Information System (aka System)
|
A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
|
Information System Owner
|
Person responsible for maintaining and operating a given information system.
|
Insider Threat
|
An entity with authorized access (i.e., within the security domain) that has the potential to harm an information system or enterprise through destruction, disclosure, modification of data, and/or denial of service.
|
Integrity
|
Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.
|
IoT
|
Internet of Things
|
IR
|
what is IR (as in IR policy)
|
ISO
|
Information Security Officer/Specialist
|
ISS
|
Information Security Services
|
ITSM
|
ServiceNow ITSM/CSM
|
IVR
|
Integrated Voice Response
|
JDBC
|
Java based Database Connectivity
|
KPI
|
Key Performance Indicator
|
Label
|
The means used to associate a set of security attributes with a specific information object as part of the data structure for that object.
|
Launch
|
LaunchBoard
|
LEAs
|
Local Educational Agencies
|
LibServ
|
Int Library Services
|
Likelihood
|
A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability
|
Log
|
A record of the events occurring within an organization’s systems and networks.
|
M&O
|
Maintenance and Operations
|
Maintenance
|
Any act that either prevents the failure or malfunction of equipment or restores its operating capability.
|
Malicious Code
|
Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code.
|
Malware
|
A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim.
|
Maximum Tolerable Downtime
|
The amount of time a mission/business process can be disrupted without causing significant harm to the organization’s mission.
|
MDM
|
Master Data Management
|
MIS
|
Management Information Systems
|
Mission-Critical Functionality
|
Any system function, the compromise of which would degrade the effectiveness of that system in achieving the core mission for which it was designed.
|
MMI
|
|
MMPI
|
Multiple Measures and Placement Initiative
|
MMPP
|
Multiple Measures Placement
|
MMPS
|
Multiple Measures Placement Service
|
Mobile Code
|
Software programs or parts of programs obtained from remote systems, transmitted across a network, and executed on a local system without explicit installation or execution by the recipient.
|
Mobile Device
|
A portable computing device that: (i) has a small form factor such that it can easily be carried by a single individual; (ii) is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); (iii) possesses local, non-removable data storage; and (iv) is powered-on for extended periods of time with a self-contained power source. Mobile devices may also include voice communication capabilities, on board sensors that allow the device to capture (e.g., photograph, video, record, or determine location) information, and/or built-in features for synchronizing local data with remote locations. Examples include smart phones, tablets, and E-readers.
|
Monitoring
|
Continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected.
|
MOU
|
Memorandum of Understanding
|
Multi-factor Authentication
|
Authentication using two or more factors to achieve authentication. Factors are (i) something you know (e.g., password/personal identification number); (ii) something you have (e.g., cryptographic identification device, token); and (iii) something you are (e.g., biometric).
|
N/A
|
Online Course Exchange
|
National Vulnerability Database (NVD)
|
The U.S. Government repository of standards based vulnerability management data, enabling automation of vulnerability management, security measurement, and compliance (e.g., FISMA).
|
NEC
|
National Electric Code
|
Network
|
A system implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.
|
Network Address Translation (NAT)
|
A mechanism for mapping addresses on one network to addresses on another network, typically private addresses to public addresses.
|
NFPA
|
National Fire Protection Association.
|
NIST
|
National Institute of Standards and Technology, a US federal agency that creates standards, including various forms of cybersecurity guidance.
|
NIST 800-171
|
Subset of NIST 800-53 for Controlled Unclassified Data (PII) in nonfederal systems and organizations. https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final
|
NIST 800-53
|
A cross-industry standard for information security that defines security controls across 18 different security families. This is a more sweeping standard and may be overkill for CCC purposes. https://nvd.nist.gov/800-53 See NIST 800-171.
|
Non-Digital Media
|
A form of media where data is stored in an analog format (e.g. paper)
|
Non-Repudiation
|
Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.
|
NOVA
|
The NOVA reporting system is the online, digital submission platform for plans and reports for the California Community Colleges.
|
Obfuscation
|
The art and science of making sure a "reasonable person" cannot uniquely identify a unitary record from aggregate data.
|
OCM
|
Organizational Change Management
|
ODBC
|
Open Database Connectivity
|
OEI
|
Online Education Initiative
|
OpenCCC
|
OpenCCC
|
OTC
|
Online Teaching Conference
|
Outward-facing
|
Description of a system that is connected directly to the Internet.
|
PaaS
|
Platform as a Service
|
Password
|
A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
|
PCI DSS
|
Payment Card Industry Data Security Standard. This industry standard focuses on securing credit card data. https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf?agreement=true
|
Penetration Testing
|
A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.
|
People
|
All security staff, technical support staff, contractors, business partners and vendors, using CCC information systems.
|
PEP
|
Ed Plan
|
Personally Identifiable Information (PII)
|
Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
|
Personnel Security
|
The discipline of assessing the conduct, integrity, judgment, loyalty, reliability, and stability of individuals for duties and responsibilities requiring trustworthiness.
|
PESC
|
Postsecondary Electronic Standards Council
|
Phishing
|
Tricking individuals into disclosing sensitive personal information through deceptive computer-based means.
|
Physical Controls (aka Physical Safeguards)
|
Physical measures, policies, and procedures to protect a covered entity's electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion.
|
PM
|
Project Manager
|
PMBOK
|
Project Management Body of Knowledge
|
PMF
|
Performance Management Framework (PMF). DC PCSB's Performance Management Framework (or PMF) is used to produce the annual School Quality Report for each public charter school for which it provides oversight. DC PCSB uses the tool to review each school's academic performance annually.
|
PMI
|
Project Management Institute
|
PMO
|
Project Management Office
|
POC
|
Proof of Concept
|
POCR
|
Peer Online Course Review
|
Policy
|
Statements, rules or assertions that specify the correct or expected behavior of an entity. For example, an authorization policy might specify the correct access control rules for a software component.
|
Portal
|
Portal Rationalization & Consolidation
|
PPM
|
Program and Portfolio Management
|
Private Cloud
|
The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
|
Privileged User
|
A user that is authorized (and therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.
|
Production Environment
|
An environment where functionality and availability must be ensured for the completion of day-to-day activities.
|
Prop 98
|
A piece of CA legislation that funds Ed Tech efforts in the CCC. It is managed by the CCCCO and executed by colleges under the CCCCO's direction
|
Protocol
|
A set of rules (i.e., formats and procedures) to implement and control some type of association (e.g., communication) between systems.
|
PRT
|
Resource Peer Team
|
Public Cloud
|
The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
|
RACI
|
Role and Responsibility Definition
|
RAID
|
Log supporting tracking of project Risks, Actions, Issues, Decisions
|
RCO
|
Recovery Capacity Objective
|
Reconstitution
|
Activities that take place after recovery to return information systems to fully operational states.
|
Recovery
|
Executing information system contingency plan activities to restore business functions (either during contingency plan testing or after the contingency plan has been invoked).
|
Removable Media
|
Portable data storage medium that can be added to or removed from a computing device or network
|
Residual Risk
|
Portion of risk remaining after security measures have been applied.
|
RFA
|
Request for Assistance
|
RFP
|
Request for Proposals
|
Risk
|
A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically is a function of: (i) the adverse impact, or magnitude of harm, that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.
|
Risk Assessment
|
The process of identifying risks to organizational operations (including mission, functions, image, and reputation), organizational assets, and individuals resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
|
Risk Register
|
A central record of current risks and related information for a given scope or organization. Current risks comprise both accepted risks and risks that have a planned mitigation path.
|
RPO
|
The point in time to which data must be recovered after an outage.
|
RTO
|
The overall length of time an information system’s components can be in the recovery phase before negatively impacting the organization’s mission or mission/business processes.
|
S3
|
Single Storage Service
|
SaaS
|
Software as a Service
|
Salt
|
A non-secret value used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker.
|
Sanitization
|
Process to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs.
|
SB
|
Student Basic and Student Financial. The related set is SX which is Student Enrollment
|
SCFF
|
Student Centered Funding Formula
|
SDLC
|
System Development Life Cycle: the scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation.
|
Security Controls
|
A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.
|
Security Plan
|
Formal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements.
|
Server
|
A system entity that provides a service in response to requests from clients.
|
Session
|
A persistent interaction between a subscriber and an end point. A session begins with an authentication event and ends with a session termination event.
|
SF
|
Student Basic and Student Financial. The related set is SX which is Student Enrollment
|
SIP
|
Shared Infrastructure Program
|
SIS
|
Student Information Systems
|
SME
|
Subject Matter Expert
|
SOA
|
Service-Oriented Architecture
|
SOAA
|
Scale of Adoption Assessment (related to Guided Pathways)
|
SOP
|
Standard Operating Procedure
|
SOW
|
Statement of Work
|
Spam
|
The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. Also, irrelevant or inappropriate messages sent on the Internet to a large number of recipients.
|
SSI (Self-Sovereign-Identity)
|
Self-sovereign identity (SSI) is a term used to describe the digital movement that recognizes an individual should own and control their identity without the intervening administrative authorities. SSI allows people to interact in the digital world with the same freedom and capacity for trust as they do in the offline world.
|
SSLC
|
Information Security Services
|
SSM
|
Student Success Metrics
|
SSO
|
Single Sign On
|
SSOProxy
|
Information Security Services
|
SSTF
|
Student Success Task Force
|
Sub-Grantee
|
An organization or vendor that is sub-contracted or financed by a college to execute grant activities.
|
SWP
|
Strong Workforce Program
|
SX
|
Student Basic and Student Financial. The related set is SX which is Student Enrollment
|
System Component (aka Component)
|
A discrete identifiable information technology asset that represents a building block of a system and may include hardware, software, and firmware.
|
System Integrity
|
State of a system where it is performing its intended functions without being degraded or impaired by changes or disruptions in its internal or external environments. The quality that a system has when performing the intended function in an unimpaired manner, free from unauthorized manipulation.
|
TAP
|
Technical Assistance Program
|
TC
|
TechConnect Cloud
|
TCO
|
Total Cost of Ownership
|
TFS
|
Team Foundation Server
|
Threat
|
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.
|
Total Risk
|
The potential for the occurrence of an adverse event if no mitigating action is taken (i.e., the potential for any applicable threat to exploit a vulnerability)
|
TRP
|
Technical Review Panels
|
TTAC
|
Telecommunications and Technology Advisory Committee
|
UC
|
University of California
|
User
|
Individual, or (system) process acting on behalf of an individual, authorized to access an information system.
|
Vendor (aka Third Party Provider)
|
Service providers, integrators, vendors, telecommunications, and infrastructure support that are external to the organization
|
VESDA
|
Very Early Smoke Detection Apparatus
|
Virtualization
|
The simulation of the software and/or hardware upon which other software runs.
|
Vulnerability
|
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.
|
Vulnerability Assessment
|
Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.
|
Warm Site
|
An environmentally conditioned work space that is partially equipped with information systems and telecommunications equipment to support relocated operations in the event of a significant disruption.
|
WEDD
|
Workforce & Economic Development
|
WestEd
|
|
WIOA
|
Workforce Innovation and Opportunity Act (an EDD acronym)
|
Wireless Technology
|
Technology that permits the transfer of information between separated points without physical connection. Wireless technologies include microwave, packet radio (ultra-high frequency or very high frequency), 802.11x, and Bluetooth.
|
WPOA
|
Work Plan Objective Agreements
|
xEnroll
|
Cross Enrollment
|
z
|
Course Exchange (specifically, automated cross enrollment), Common Course Management System (Canvas)
|