A
AES
  • Advanced Encryption Standard.
AVST
  • Audio-visual surveillance technology.
Abuse
  • Excessive/improper use of a resource, or intentional destruction, diversion, manipulation, misapplication, or misuse of resources.
Accessibility
  • Web design criteria that support access not dependent on a single sense or ability, such as vision or hearing.
Accessible
  • Describes an electronic information resource that can be used in a variety of ways and does not depend on a single sense or ability.
Account
  • Information resource users are typically assigned log-on credentials which include, at the minimum, a unique username and password.
Active AVST Installation
  • Cameras or similar technology that are viewing/recording activities within the area of surveillance.
Administrator
  • Responsible for configuring, managing, overseeing and maintaining a computing environment or system. Responsibilities vary depending on an organization's requirements. This person should possess strong technical knowledge and skills.
Anonymous proxies
  • Tools that attempt to make activity on the internet untraceable.
Application
  • Component found in SPECTRIM that is a group of information resources with a similar security profile.
Approved Wireless Clients
  • Any wireless device that properly supports Networking and Information Security (NIS) installed 802.11 enterprise authentication and encryption or NIS-provided, web-based authentication.
Attack Scripts
  • Malicious code often written in common languages such as Java or ActiveX to exploit weaknesses in programs. Usually intended to cross network platforms.
Audiovisual Surveillance
  • Cameras or similar technology used to enhance security, safety, and quality of life for the TAMU campus community.
Authentication
  • Verification of the identity of an account owner by validating the correctness of submitted credentials. This is the process of establishing confidence in the identity of users or information systems. There are many ways to authenticate a user, including password, Smartcard, fingerprint, iris scan, or voice recognition.
B
Backhaul
  • Transmitting data beyond its normal destination point and back again to utilize network equipment not available at the destination location. Typically used to mask the location of the point of origin.
Breach of Security
  • Unauthorized access to information resources or information resources technologies and/or release of password or other confidential information related to computer security.
Business Function
  • Process or operation performed routinely to carry out a part of the mission of an organization.
Business Impact Analysis
  • Business impact analysis is the activity in business continuity management that identifies vital business functions and dependencies. These dependencies may include suppliers, people, other business processes, IT services, etc. Business impact analysis defines the recovery requirements for IT services. These requirements include recovery time objectives, recovery point objectives and minimum service level targets for each IT service. (ITIL Service Strategy)
C
CISO
  • Chief Information Security Officer.
Chain of Custody
  • A document or paper trail showing the seizure, custody, control, transfer, analysis and disposition of physical and electronic evidence.

Change
  • Any implementation of new functionality, interruption of service, repair of existing functionality, or removal of existing functionality.
Classified National Security Information ("Classified")
  • Records, files, reports and other data or material relating to contracts between the system (and by extension the university) and the U.S. Government which are required by the contract, pursuant to Executive Order 12356 April 2, 1982, updated by Executive Order 13526, to be protected against unauthorized disclosure in the interest of national security.
Cloud Computing
  • A service that provides network access to a shared pool of configurable computing resources on demand, including networks, servers, storage, applications, or related technology services, that may be rapidly provisioned and released by the service provider with minimal effort and interaction. The term does not include telecommunications service or the act of hosting computing resources dedicated to a single purchaser (§2157.007(a), Texas Government Code). Cloud computing models include SaaS, PaaS, and IaaS.
Collection
  • Collection is the act of gathering ESI for further use in the E-Discovery process (process, review, etc.).

Component
  • Makes up the Risk Assessable Unit (RAU). The three assessable components are application, location, and network.

Compromised System
  • Any system where unauthorized access has been achieved.
Confidential Information
  • Information that must be protected from unauthorized disclosure or public release based on state or federal law (e.g. the Texas Public Information Act and other constitutional, statutory, judicial, and legal agreements). Examples include personally identifiable information, such as a name in combination with Social Security number (SSN) and/or financial account numbers; student education records; intellectual property such as set forth in section 51.914 of the Texas Education Code; Medical Records.
Continuity of Operations
  • The ability of an organization to provide service and support for its customers and maintain its viability before, during, and after a business continuity event.

Controlled Information
  • Information not generally created or made available for public consumption but may or may not be subject to public disclosure through the Texas Public Information Act or similar laws. This type of information often requires the same security protection/controls as confidential information.
Cost Benefit Analysis
  • Cost benefit analysis (CBA), sometimes called benefit cost analysis (BCA), is a systematic approach to estimating the strengths and weaknesses of alternatives (for example in transactions, activities, functional business requirements). It is used to determine options that provide the best approach to achieve benefits while preserving savings. The CBA is also defined as a systematic process for calculating and comparing benefits and costs of a decision, policy (with particular regard to government policy) or (in general) project. Broadly, CBA has two main purposes: 1. to determine if an investment/decision is sound (justification/feasibility) by verifying whether its benefits outweigh the costs, and by how much; 2. to provide a basis for comparing projects, which involves comparing the total expected cost of each option against its total expected benefits.
Critical Infrastructure Functions
  • University-wide functions that must continue uninterrupted or can be resumed within a few hours. Examples of critical infrastructure include: - Emergency response services; - Utilities, including electricity, water, and reasonable climate control; - Communications with internal and external audiences to include students, faculty, staff, and media; - Internet, authentication, and voice communications; - Hazardous materials spill response and control to include safe handling and proper disposal of toxic substances, biologically hazardous materials, and radioactive materials.
Custodian of an Information Resource
  • A person responsible for implementing owner-defined controls and access to an information resource. Custodians may include university employees, vendors, and any third party acting as an agent of – or otherwise on behalf of – the university and/or the owner.
D
D-RAC
  • A liaison between his/her college or division and Texas A&M IT Risk Management and Policy (IT-RMP) concerning the annual IT risk assessment process. Responsible for coordinating/managing the IT risk assessment process (outlined in the Information Security Risk Assessment Procedures) for the college or division. This includes:

    • Ensuring there is an accurate inventory list of all information resources for the college or division
    • Coordinating with and assisting staff and faculty within the college or division to accurately perform an information security risk assessment for their information resources
    • Consulting with IT-RMP to add the information and complete the on-line assessment process using the provided IT risk assessment tool
    • Monitoring the progress of all assessments for the college or division from beginning to completion to ensure due dates are met

    The number of D-RACs per college or division is determined by IT-RMP, in consultation with the college or division, based on the IT environment.

Data at Rest
  • Data recorded on storage media, such as hard drives, disks, desktop computers, laptop computers, USB flash drives, file servers, databases, et al.
Data in Transit
  • Data electronically transferred between two hosts, including data traversing the internet.
Department of Information Resources (DIR)
  • State agency that operates and maintains SPECTRIM.
Descriptive Data (e.g., logs)
  • Information created by a computer system or other information resource that is electronically captured and relates to the operation of the system and/or movement of files, regardless of format, across or between a computer system or systems. Examples of captured information are dates, times, file size and locations sent to and from.
Developer
  • A developer is an individual that builds and creates software and applications. He or she writes, debugs and executes the source code of a software application. A developer is also known as a software developer, computer programmer, programmer, software coder or software engineer. There may be different types of developers. For example: - A software developer is someone who creates software programs. - A web developer is a person who builds and maintains websites. - A content developer, also called a content producer, is someone who creates publishable content.
Digital Certificate
  • A certificate, as defined in Texas Administrative Code, Chapter 203, Subchapter A, §203.1, issued by a business unit for purposes of electronic commerce.
Digital Signature
  • An electronic identifier intended to have the same force and effect as the use of a manual signature (Texas Government Code 2054.60). Digital signatures verify the trustworthiness of information (e.g. sender and content integrity).
Division
  • A unit level in SPECTRIM that represents a college, division, school, and/or branch campus (i.e. Galveston, Qatar) of Texas A&M University. Divisions are below the Organization level in SPECTRIM. SPECTRIM automatically assigns a unique identifying Division number to each Division within an Organization.
E
E-Discovery Questionnaire/Hold questionnaire
  • A questionnaire to be filled out by the named person. The hold questionnaire will list examples of the common types of places where relevant ESI might be stored, and will ask the named person to identify where the named person has relevant ESI stored in those types of places.

ESI Preservation Coordinator
  • The individual who is responsible for facilitating university IT Preservation Hold activities and acts as a liaison to the Office of General Counsel on behalf of the Institution.

Electronic Signature
  • An electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record (Texas Business and Commerce Code 322.002).

Electronically Stored Information/ESI
  • Electronically Stored Information, or ESI, is a broad term applicable to all information stored electronically; however, email communication and files are the most common types of ESI.

Encryption (Encrypt, Encipher, or Encode)
  • The process by which plain text information is converted to a form not readable by humans (i.e., ciphertext) through the use of a mathematical process (encryption algorithm) and a parameter (encryption key).

Essential Functions
  • Defined in the Institutional Continuity Plan (Annex J) as functions that must be either uninterrupted or resumed within a few hours of an incident.

    Essential Functions support:

    • Emergency Response Services,
    • Utilities to include electricity, water, and reasonable climate control,
    • Communications with internal and external audiences to include students, faculty, staff and the media,
    • Internet, authentication, and voice communications,
    • Hazardous materials spill response and control, to include safe handling and proper disposal of toxic substances, biologically hazardous materials, and radioactive materials.
Essential IT Service
  • An IT service with a Recovery Time Objective of less than 12 hours and one required to support the critical infrastructure functions of the university.

F
Family Educational Rights to Privacy Act of 1974 (FERPA)
  • Refer to the University Catalog (http://catalog.tamu.edu//), pages 1039-1040 for definitions regarding FERPA.

File Owner
  • Holder (assignee) of the computer account that controls a file. Not necessarily the owner in the sense of property.
Firewall
  • A software or hardware device or system that filters communications between networks that have different security domains based on a defined set of rules. A firewall may be configured to deny, permit, encrypt, decrypt, or serve as an intermediary (proxy) for network traffic.
Fraud
  • Any intentional act or omission designed to deceive others and which results in the victim suffering a loss and/or the perpetrator achieving a gain (i.e., a willful or deliberate act or failure to act with the intention of obtaining an unauthorized benefit, such as money or property, by deception or other unethical means). For purposes of this rule, fraud and fraudulent activities include – but are not limited to – such things as theft of any system asset including money, tangible property, time, trade secrets and intellectual property; embezzlement; bribery/rebate/kickback; misappropriation, misapplication, destruction, removal or concealment of university property; forgery, alteration or falsification of documents; and/or conflicts of interests.
G
Google Vault
  • The section of Google Apps Suite where Gmail and Google Drive data can be placed on hold.

Guest Wireless Access Accounts
  • Access for individuals who do not have an affiliation with Texas A&M University or an eduroam federated institution.
H
Harmful Access
  • Creating a computer malfunction or interruption of operation; alteration, damage, or destruction of data; or injection of malicious software.
Hold
  • A common term used by OGC and email platforms alike to refer to the act of preserving ESI.

Host-Based Firewall
  • Software that functions on a single host (i.e., a single computer, including laptop computers) that can permit or deny incoming or outgoing traffic to or from only that host (as opposed to a network-based firewall which protects one or more networks of hosts).
Hosted Service
  • Outsourced information technology (IT) systems and functions. A hosted service provider owns and oversees infrastructure, software and administrative tasks and makes the system available to clients. The three main elements of hosted services are software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). In combination, the three elements encompass software and network capacity as well as the equipment used to support operations, including storage, hardware, servers and networking components.
I
IETF
  • Internet Engineering Task Force.
IT Disaster Recovery Plan (IT DRP)
  • Department/unit-level plan that is focused on the overall recovery of Electronic Information Resources supported by the department/unit.

IT Professional
  • A staff or faculty member whose primary duties are to manage information systems or directly support, in the technical sense, personnel who manage information resources (e.g. Database Administrator, Systems Analyst, Web Developer, etc.)
IT Service
  • Made up of a combination of information technology, people, and processes. A customer-facing IT service directly supports the business processes of one or more customers. Other IT services, called supporting services, are not directly used by the business, but are required by the service provider to deliver customer-facing services.

ITRM
  • Office of Information Technology Risk Management of Networking and Information Services.
Identification
  • Identification is the act of locating potential sources of ESI & determining its scope, breadth & depth.

In-Place Hold
  • A feature of Microsoft Exchange, introduced in Microsoft Exchange 2013, that places mailboxes on hold within the platform. In-Place Holds are the preferred method of placing user mailboxes on hold.

Information Resource Owner
  • A person responsible for a business function and for determining controls and access to information resources supporting that business function.
Information Resource User
  • An individual or automated application authorized to access an information resource in accordance with the owner-defined controls and access rules.
Information Resources (IR)
  • The procedures, computer equipment, computing facilities, software and data which are purchased, designed, built, operated and maintained to collect, record, process, store, retrieve, display, report and transmit information.
Information Resources Crisis (formerly incident)
  • A situation declared as a crisis by designated Texas A&M IT personnel.
Information System
  • A discrete set of information resources organized for the management and processing of information supporting a defined business, academic, or research function.
Information System Contingency Plan (ISCP)
  • Establishes procedures to recover a Mission Critical Electronic Information Resource or Essential IT Service or a grouping of interdependent IT Services following a disruption.

Information Technology
  • Any equipment or interconnected system or subsystem of equipment used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. The term includes computers (including desktop and laptop computers), ancillary equipment, desktop software, client-server software, mainframe software, web application software and other types of software, firmware and similar procedures, services (including support services), and related resources (TAC 213.1 (9)).
Infrastructure as a Service (IaaS)
  • Capability provided to the consumer to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls) (NIST 800-145 September 2011).
Inherent risk
  • The risk that an activity/event would pose if no controls or other mitigating factors were in place (the gross risk or risk before implementation of controls).
Internet Service Provider (ISP)
  • A company that provides access to the internet.
K
Key Public Entry Point (KPEP)
  • Web page that a state agency or institution of higher education has specifically designed for members of the general public to access official information (e.g., the governing or authoritative documents) from the agency or institution of higher education. A list of these pages can be found at http://itaccessibility.tamu.edu/requirements/kpep.php.
L
Litigation Hold
  • A feature introduced in Microsoft Exchange 2010 that places mailboxes on hold within the platform. This type of hold is gradually being phased out on TAMU Exchange.

Location
  • A type of component found in SPECTRIM that can also be called a Facility. Where information resources are located.
Logon ID
  • A user name that is required as the first step for logging in to a secure system. Generally, a logon ID must be associated with a password to be of any use.
M
Malicious code
  • Software designed to operate in a manner inconsistent with intentions of the user and which typically results in annoyance or damage to the user's information systems. Examples include attack scripts, rootkits, spyware, trojan horses, viruses and worms.
Matter
  • Refers to any issue handled by OGC that requires the preservation and potential production of ESI. A matter might be a lawsuit that has been filed, or the reasonable anticipation of litigation.

Media
  • Materials that hold data in any form or allow data to pass through, including paper, transparencies, multipart forms, hard/floppy/optical disks, magnetic tape, wire, cable and fiber.

Metadata
  • Data about data. Index-type data used to identify, describe, locate, or preserve (other) data over time.
Mission Critical Information
  • Information defined by the information resource owner (or by the University for Essential IT Services) to be crucial to the continued performance of the mission of the department/unit. Unavailability of such information would result in more than an inconvenience. An event causing the unavailability of mission-critical information would result in consequences such as significant financial loss, institutional embarrassment, failure to comply with regulations or legal obligations, or closure of the department/unit.

N
NIST
  • The Texas A&M Information Security Controls, adopted from state requirements, align with the National Institute of Standards and Technology (NIST) Special Publication 800-53 Version 4 (NIST SP 800-53 Rev. 4). The risk assessment tool provided by the state, SPECTRIM, utilizes questions based on NIST SP 800-53 Rev. 4.
Named Person/Custodian
  • Refers to any person who has been asked to preserve ESI as part of a preservation hold.

Network
  • A type of component found in SPECTRIM that makes up hardware and software resources of a network.
Network Attached Wireless Device
  • Any device connecting to a Texas A&M Ethernet port with wireless capabilities that extend across the Texas A&M network.
Network Perimeter
  • The border between one network and another. Typically a boundary (interface) between the private and locally-managed-and-owned side of a network and the public side of a network.
Network Scanning
  • The border between one network and another. Typically a boundary (interface) between the private and locally-managed-and-owned side of a network and the public side of a network.
Network Vulnerability Assessments
  • Assessing network scanning data to determine the presence of security vulnerabilities in the information system.
Non-IT Professional
  • A staff or faculty member whose primary duties do not include directly supporting an information resource (e.g. research scientist, lecturer, professor, etc.)
O
OGC
  • OGC refers to The Texas A&M University System - Office of General Counsel.

Organization
  • Top unit level in SPECTRIM that represents a state agency or institute of higher education. SPECTRIM automatically assigns a unique identifying number to each Organization. 711 is the Organization number for Texas A&M University.
P
Peer-to-Peer (P2P) File Sharing Software
  • Computer software, other than computer and network operating systems, with a primary function of allowing the computer on which the software is used to designate files available for transmission to another computer using the software, to transmit files directly to another computer using the software, and to request transmission of files from another computer using the software.
Personally Identifiable Information (PII)
  • Information that alone — or in conjunction with other information — identifies an individual, including an individual's name, social security number, date of birth, or government-issued identification number; mother's maiden name; unique biometric data, including the individual's fingerprint, voice print, and retina or iris image; unique electronic identification number, address, or routing code; and telecommunication access device as defined by Section 32.51, Texas Penal Code.
Platform
  • Collective term for computer hardware and software components of a particular system. A platform includes a hardware architecture and a software framework (including application frameworks), where the combination allows software, particularly application software, to run. Typical platforms include a computer architecture, operating system, programming languages and related user interface (run-time system libraries or graphical user interface). Examples of common platforms would include servers, desktop/workstations, laptops, tablets, and smartphones. Special-purpose platforms include routers, remote access servers and database servers.
Platform as a Service (PaaS)
  • Capability provided to the consumer to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment (NIST 800-145 September 2011).
Portable Computing Device
  • An easily portable device capable of capturing, processing, storing, and transmitting data to and from Texas A&M University information resources. This includes, but is not limited to: laptops, Personal Digital Assistants (PDAs), and smartphones.
Portable Storage Device
  • An easily portable device that stores electronic data. This includes, but is not limited to: flash/thumb drives, iPods, tablets, CD-Rs/CD-RWs, DVDs, and removable disk drives.
Preservation
  • Preservation is the act of ensuring ESI is protected against inappropriate alteration or destruction.

Preservation Hold
  • A notice from OGC to one or more persons (the “named persons”) and the institution for which they work to preserve documents and ESI pursuant to a matter. The short form “hold” may be used in this context; however, that term is not contextually specific alone.

Preservation Letter
  • The document OGC sends to a person placing that person under a preservation hold. The preservation letter describes the documents and ESI to be preserved.

Preservation Personnel
  • Employees of an Institution with roles and duties important to the preservation effort. Preservation personnel typically include employees involved with employee hiring/transfer/termination, such as the Human Resources Director and the Provost. It also typically includes IT people responsible for the automatic purging of accounts and deletion of data, such as email administrators, account administrators, desktop technicians, and the help desk.

Privileged Account
  • Account assigned to a user that by virtue of function, and/or seniority, has been allocated powers within the computer system, which are significantly greater than those available to the majority of users (e.g., system administrators).
Protected Health Information (PHI)
  • Any patient information, including very basic information such as name or address, that (1) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and (2) either identifies the individual or could reasonably be used to identify the individual.
Public Information
  • Includes all information made available to the public through posting to public websites or social media, distribution through email, print publications or other media. This classification also includes information for which public disclosure is intended or required for public release as described in the Texas Public Information Act.
Public Location or Public Network
  • Electronic location (such as a network) wherein anyone, namely the general public, has access and through it can connect, without specific credentials, to other networks or the internet or gain access to electronic information.
R
Record
  • A file in SPECTRIM. A record can be a component (i.e. Application, Location, Network), component assessment, Finding, Division, RAU, Support Request, user account, etc. Records can be linked together in SPECTRIM so information does not have to be re-created each time.
Recovery Point Objective
  • Acceptable amount of data loss measured in time. Unless requested by the information resource owner, daily incremental and full weekly backups are taken off site only once a week. (ITIL Service Design) (ITIL Service Operation)
Recovery Time Objective
  • The maximum time allowed for the recovery of an IT service following an interruption. The service level to be provided may be less than normal service level targets. Recovery time objectives for each IT service should be negotiated, agreed and documented. See also business impact analysis. (ITIL Service Design) (ITIL Service Operation)
Remote Access
  • The act of using a computing device to access another computer/network from outside of its established security realm (e.g., authentication mechanism, firewall, or encryption).
Research Collaborators
  • A grouping of researchers for the purpose of achieving a common goal.
Research Partner
  • Individuals, commercial enterprises, or other entities that are not recognized as university departments and who have agreements with the university Vice-President for Research.
Residual Risk
  • The risk that remains after implemented controls are taken into account (the net risk or risk after controls have been implemented). Residual risk is the threat that remains after all efforts to identify and eliminate risk (e.g., controls implemented) have been made.
Risk Appetite
  • The level of tolerance an organization has for risk. Aspects include how much risk an organization is willing to tolerate, and how much an organization is willing to invest or spend to manage/mitigate the risk.
Risk Assessable Unit (RAU)
  • The lowest IT unit level in SPECTRIM, used to split a Division; generally a department within a college or division. The RAU helps focus on a single assessable unit. There are special circumstances where this may not apply, such as cases where all information resources are owned and managed at the college or division level. The number of RAUs will depend on the Division IT environment.
Risk Management Decision
  • Coordinated activities to direct and control an organization with regard to risk. NOTE: Risk management typically includes risk assessment, risk treatment, risk acceptance, and risk communication.
Risk Tolerance
  • The level of risk, types of risk, and degree of risk uncertainty that are acceptable to the organization.
Rootkit
  • Pieces of malicious code that install themselves in the core operating system of a computer and are very hard to detect since they appear to be normal system files.
S
SPECTRIM
  • SPECTRIM (Statewide Portal for Enterprise Cybersecurity Threat, Risk and Incident Management) is the statewide portal for enterprise cybersecurity threat, risk, and incident management. SPECTRIM is the web-based tool that Texas A&M University uses for annual Information Technology (IT) risk assessments as of FY 2016. It is provided by the Department of Information Resources (DIR).
Security Incident Reporting (SIRS)
  • Electronic system for reporting (after the fact, after-action) incidents in compliance with Texas Department of Information Resources (DIR) regulations.
Security Patch
  • A change to a program that eliminates a vulnerability exploited by malicious hackers.
Self-Contained, Closed Products
  • Products that generally have embedded software and are commonly designed in such a fashion that a user cannot easily attach or install assistive technology. These products include, but are not limited to, information kiosks and information transaction machines, copiers, printers, calculators, fax machines, and other similar products.
Server
  • Computer or program that supplies data or resources to other machines on a network.
Significant Information Security Incident
  • An information security incident is considered significant if it meets one or more of the following criteria:
      - involves actual or suspected unauthorized disclosure of confidential information;
      - involves consequential legal issues;
      - may cause severe disruption to unit mission-critical services or university-wide Essential IT services;
      - involves active threats;
      - is widespread;
      - is likely to raise public interest.
Software
  • A computer program that provides the instructions enabling the computer hardware to work. System software, such as Windows or MacOS, operates the machine itself, and application software, such as spreadsheet or word processing programs, provides specific functionality.
Software as a Service (SaaS)
  • Capability provided to the consumer to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings (NIST 800-145, September 2011).
Spyware
  • Software installed without the user’s knowledge or permission to capture and reveal information to someone outside the computer system. It can do such things as capture keystrokes while typing passwords, read and track email, record sites visited, and pass along credit card numbers. It can be installed by Trojan horses or viruses, installed as part of freeware or shareware programs that are downloaded and executed, or installed by advertising agencies to assist in sending targeted advertising to a computing device.
T
TRAIL
  • The Texas Records and Information Locator and Electronic Depository Program (TRAIL/EDP) is an automated system used to collect, index, and preserve electronic state publications. To ensure that publications are appropriately harvested and indexed, a publishing entity must include metadata in its online publications.
Texas A&M Information Technology Project Management Office (IT-PMO)
  • Established to manage and mitigate risk through development and support of project management knowledge, processes and tools for the University. The IT-PMO has been assigned by the Associate Vice President for Information Technology and Chief Information Officer to be responsible for publishing guidelines on and assisting with monitoring the effectiveness of information resource project and portfolio management practices at the University.
Texas A&M University (TAMU) Web Site
  • A Web site that is owned by, operated by or for, or funded by TAMU and is connected to the internet, including the home page and any key public entry points.

Texas A&M University IT Disaster Recovery Plan
  • Limited to Essential IT Services supporting essential functions as defined by the Institutional Continuity Plan (Annex J) of the Texas A&M University Emergency Operation Plan. Organizations that support Essential IT Services shall maintain their own procedures and actively participate in the training, exercise, and maintenance needed to support this plan.

Texas A&M University IT Disaster Recovery Program
  • Builds on the Institutional Continuity Plan (Annex J) of the Texas A&M University Emergency Operation Plan by providing guidance and templates to relate a business function's Recovery Time Objective (RTO) and Recovery Point Objective (RPO) to the IT services that support department/unit business functions.

Third Party
  • Individual or entity who is not a university employee, i.e., vendors or other individuals acting in a capacity other than a university employee.
Third-Party Vendor
  • An individual or organization separate from the two principals involved. A third party is typically a company that provides an auxiliary product or service not supplied by the primary provider to the end user (the two principals).
Trojan Horses
  • These hide malicious code inside a host program that appears to do something useful.
U
Unauthorized Access
  • Access into any computer, network, storage medium, system, program, file, user area, or other private repository, without the express permission of the owner.
Unauthorized Access Point
  • Any wireless bridge, switch or router connected to the Texas A&M network that is not installed, supported or approved by NIS.
Unit
  • A Texas A&M University (Texas A&M) organization, or affiliate, that is managed by an employee with hiring and firing authority. Examples are a division, a department, a research center, and others.
University Campus Homepage
  • The main page for Texas A&M University, College Station; Texas A&M University, Galveston; or Texas A&M University at Qatar.
University Data
  • Data or information that is in the possession or under the control of an individual (i.e., owner, custodian, or user) by virtue of that person’s employment or affiliation with the university.

University Electronic Directory
  • Also known as Enterprise Directory, this is used to manage NetID accounts and email account aliases for personnel with an active, close affiliation to the university; former students; guests and parents; and organizations and roles.
University Network User
  • Anyone owning and/or responsible for the operation of a computer attached to the Texas A&M University network.
Usability
  • Web design criteria that support user performance, ease of navigation, and understandability.
User Data
  • User-generated electronic forms of information that may be found in the content of a message, document, file, or other form of electronically-stored or transmitted information.
V
Vendor
  • Individual or entity who has a contract with the university to provide goods or services for compensation. This term excludes contract employees.
Virus
  • Code that attaches to host programs and propagates when an infected program is executed.
W
W3C
  • World Wide Web Consortium.
Waste
  • Intentional or unintentional, thoughtless or careless expenditure, consumption, mismanagement, use or squandering of resources to the detriment of the organization. Waste also includes incurring unnecessary costs as a result of inefficient or ineffective practices, systems or controls.
Wireless Access
  • Type of wireless computer network that uses high-frequency radio waves rather than wires to communicate between nodes. A wireless computer network spans a relatively small area using one or more of the following technologies to access the information resources systems: Wireless Local Area Networks (based on the IEEE 802.11 family of standards); Wireless Personal Area Networks (based on the Bluetooth and/or Infrared (IR) technologies); and/or Wireless Handheld Devices which include text-messaging devices, personal digital assistants (PDAs) and smartphones.
Worms
  • Code particular to networked computers that carries out pre-programmed attacks that migrate across the network.