Items
CUI – What is it?
Controlled Unclassified Information (CUI) is a category of unclassified data that federal agencies create or possess, government, which is required...
CUI FAQ
Answers to frequently asked questions about the WUSTL-SEn environment for CUI data at Washington University in St. Louis.
CUI in Projects – Researcher Impacts
This page provides a high-level overview of the steps required to ensure you comply with the security requirements for projects involving CUI.
CUI Management Plan
The WashU CUI Management Plan covers the required safeguards for processing, storing, and transmitting CUI data, both physical and electronic.
Cyber Threat
A cyber threat is any act or event that could be harmful to an individual, organization, or even a country through...
Cybersecurity Framework
A cybersecurity framework is a set of best practices adopted by an organization to better understand, manage, and reduce cybersecurity risk.
Data
Data refers to facts or values that convey information.
Data Breach
A data breach happens when an unauthorized person or organization acquires, accesses, or uses confidential information.
Data Center Policy
The policy and associated guidance provide an outline of the physical and logical security controls needed to reduce the risk of unauthorized access or use of systems in a WashU data center.
Data Classification
From an information security perspective, data classification is the categorization of data according to the severity of adverse effects should those data be disclosed, altered, or destroyed without authorization.
Data Classification
The organized categorization of data based on potential harm from unauthorized access, alteration, or destruction.
Data Disposal
Data disposal is the process of removing, “sanitizing,” or deleting stored information.
Data Management Plan
A data management plan (DMP) is a document that specifies the following....
Data User
Everyone in the WashU community occupies the role of Data User.
Deep Web/Dark Web
The Deep Web refers to parts of the internet, or the World Wide Web (www.), that don’t come up in a standard search engine search
Deidentified Data
Deidentified data has had all individual identifiers removed.
Development Research
The systematic use of the knowledge or understanding gained from research directed toward the production of useful materials, devices, systems or methods . . .
Digital Certificate Standard
This standard and associated guidance will provide a well-defined and organized approach for any IT infrastructure containing a digital certificate.
Digital Signature
A digital signature is a type of electronic signature built with mathematical algorithms.
Domain-Specific Repository
Domain-specific repositories store data so that it may be accessed by researchers, institutions, and publishers for a specific domain.
DUO Exception Request Form
To enhance our information security, WashU IT will require an approved exception request form for both the Call Me and Passcode authentication methods of WashU Two-Factor Authentication (2FA).
Electronic Messaging Security Policy
The policy and associated guidance provide direction for electronic messages (i.e. email, chat, and other electronic messages) containing WashU confidential and/or protected information.
Elevated Permissions
Elevated permissions are privileges or rights that exceed the normal levels of access granted to an individual or group of users.
Encryption
Encryption is the process of making information unreadable to all unauthorized users.
Encryption Key
Encryption keys are used for encrypting or decrypting data.
Encryption Policy
The policy and associated guidance provide the practices WashU will utilize to protect the integrity and confidentiality of information stored, transmitted, transferred to portable media, and sent through messaging systems to entities external to the university.
Encryption Standard
This standard and associated guidance will provide the requirements for protecting the integrity and confidentiality of WashU information – at rest and in motion – stored, transmitted, transferred to portable media, and sent through messaging systems to entities outside of WashU.
End of Support Standard
This standard and associated guidance provide an organized approach for managing assets nearing end of support in the WashU environment.
EU General Data Protection Regulation (GDPR)
The European Union’s General Data Protection Regulation (GDPR) is a privacy and security law that applies to any organization that collects or uses data from EU residents.
Exception Form
In the policy exception request review process, our team works with the requestor to evaluate the risks that may arise because of the exception.
Exception Policy
The policy and associated guidance provide a well-defined approach to review exception requests for published WashU Information Security policies, standards, and guidelines.
Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act protects student information and gives individual students certain rights pertaining to their education records.
Federal Information Security Modernization Act (FISMA)
Under the Federal Information Security Modernization Act (FISMA), federal agencies and those providing services on their behalf must develop, document, and implement security programs for information technology systems.
Firewall Guidelines
The purpose of this guideline is to provide administrators and users advice on choosing, implementing, and operating firewall technologies.
Food and Drug Administration Code of Federal Regulations, Title 21, Part 11 (FDA 21 CFR Part 11)
The regulations in FDA 21 CFR Part 11 set necessary criteria for electronic records and signatures to be considered reliable, trustworthy, and equivalent to paper versions.
General Data Protection Regulation (GDPR)
The Data Protection Law Enforcement Directive and other rules concerning the protection of personal data.
Gmail
If you need to report a phishing attempt in Gmail but don’t have the Phish Alert Button (PAB), follow these steps.
Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act requires financial institutions (i.e., organizations offering consumers financial products, advice, or insurance) to protect their customers’ personal information.
Guidelines
Guidelines provide recommended directions for meeting policies and standards.
Hardware
Hardware refers to physical devices that connect to and interact with the WashU network.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act specifies requirements for the privacy and security of all individually identifiable patient health information in any form or media, whether electronic, paper, or oral.
HIPAA Identifiers
HIPAA identifiers are 18 points of information that can be used to identify an individual or combined with other information to identify an individual.
How Can You Securely Share Your Research?
Share your research securely to protect privacy and intellectual property, and to comply with applicable regulations.
Incident
Any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in the quality of that service. (ITIL perspective)
Incident Report
Departments and schools should use this form when reporting a computer security incident that involves sensitive university information.
Information Security
Information security is a combination of practices that protect information resources from unauthorized access, use, and modification.
Information Security Glossary
Definitions of information security terms.
Information Security Risk Management Policy
The policy and associated guidance provide a common methodology and organized approach to Information Security risk management, whether based on a regulatory compliance requirement or a threat to the university.