Versions Compared

Old Version 8

changes.mady.by.user Gabriel Hernandez

Saved on

compared with

New Version Current

changes.mady.by.user Gabriel Hernandez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Information Security Office Risk Assessment (ISORA) is a university wide risk assessment of Information Security to comply with State regulations.  The state and the university administration require the university to undergo an annual assessment of the university's information resources and measure the risk to those resources.  This process helps identify the security of systems with sensitive data.  As a "steward" of university data, you will be asked to classify data residing on your computer according to the Data Classification Standard.

University Data vs. Personal Data

According to the Data Classification StandardISORA answers should be based on university data.

...

Anchor
dataclass
dataclass
Data Classification

...

Confidential Data

University data protected specifically by federal or state law or University of Texas rules and regulations (e.g., HIPAA; FERPA; Sarbanes-Oxley, Gramm-Leach-Bliley; the Texas Identity Theft Enforcement and Protection Act; University of Texas System Business Procedure Memoranda; specific donor or employee data). University data that are not otherwise protected by a known civil statute or regulation, but which must be protected due to university contractual agreements requiring confidentiality, integrity, or availability considerations (e.g., Non Disclosure Agreements, Memoranda of Understanding, Service Level Agreements, Granting or Funding Agency Agreements, etc.) are also included:

...

  • Employee Information (e.g. Social Security Number)
  • Student data (e.g. grades, test scores, assignments)
  • Donor/Alumni Information (e.g. name, email, amount donated)

(see extended list of Category I data classification examples)

...

Controlled Data

University data not otherwise identified as Category-I Confidential data, but which are releasable in accordance with the Texas Public Information Act (e.g., contents of specific e-mail, date of birth, salary, etc.) Such data must be appropriately protected to ensure a controlled and lawful release.

...

Published Data

University data that are not otherwise identified as Category-I or Category-II Confidential or Controlled data (e.g., publicly available). Such data have no requirement for confidentiality, integrity, or availability.

...