CUI – What is it?

Controlled Unclassified Information (CUI) is a category of unclassified data that federal agencies create or possess, government, which is required...

CUI FAQ

Answers to frequently asked questions about the WUSTL-SEn environment for CUI data at Washington University in St. Louis.

CUI in Projects – Researcher Impacts

This page provides a high level overview of the steps required in order to ensure you comply with the security requirements for projects involving CUI.

CUI Management Plan

The WashU CUI Management Plan covers the required safeguards for processing, storing, and transmitting CUI data, both physical and electronic.

Cyber Threat

A cyber threat is any act or event that could be harmful to an individual, organization, or even a country through...

Cybersecurity Framework

A cybersecurity framework is a set of best practices adopted by an organization to better understand, manage, and reduce cybersecurity risk.

Data

Data refers to facts or values that convey information.

Data Breach

A data breach happens when an unauthorized person or organization acquires, accesses, or uses confidential information.

Data Center Policy

The policy and associated guidance provide an outline of the physical and logical security controls needed to reduce the risk of unauthorized access or use of systems in a WashU data center.

Data Classification

From an information security perspective, data classification is the categorization of data according to the severity of adverse effects should those data be disclosed, altered, or destroyed without authorization.

Data Classification

The organized categorization of data based on potential harm from unauthorized access, alteration, or destruction.

Data Disposal

Data disposal is the process of removing, “sanitizing,” or deleting stored information.

Data Management Plan

A data management plan (DMP) is a document that specifies the following....

Data User

Everyone in the WashU community occupies the role of Data User.

Deep Web/Dark Web

The Deep Web refers to parts of the internet, or the World Wide Web (www.), that don’t come up in a standard search engine search

Deidentified Data

Deidentified data has had all individual identifiers removed.

Development Research

The systematic use of the knowledge or understanding gained from research directed toward the production of useful materials, devices, systems or methods . . .

Digital Certificate Standard

This standard and associated guidance will provide a well-defined and organized approach for any IT infrastructure containing a digital certificate.

Digital Signature

A digital signature is a type of electronic signature built with mathematical algorithms.

Domain-Specific Repository

Domain-specific repositories store data so that it may be accessed by researchers, institutions, and publishers for a specific domain.

DUO Exception Request Form

To enhance our information security, WashU IT will require an approved exception request form for both the Call Me and Passcode authentication methods of WashU Two-Factor Authentication (2FA).

Electronic Messaging Security Policy

The policy and associated guidance provide direction for electronic messages (i.e. email, chat, and other electronic messages) containing WashU confidential and/or protected information.

Elevated Permissions

Elevated permissions are privileges or rights that exceed the normal levels of access granted to an individual or group of users.

Encryption

Encryption is the process of making information unreadable to all unauthorized users.

Encryption Key

Encryption keys are used for encrypting or decrypting data.

Encryption Policy

The policy and associated guidance provide the practices WashU will utilize to protect the integrity and confidentiality of information stored, transmitted, transferred to portable media, and sent through messaging systems to entities external to the university.

Encryption Standard

This standard and associated guidance will provide the requirements for protecting the integrity and confidentiality of WashU information – at rest and in motion – stored, transmitted, transferred to portable media, and sent through messaging systems to entities outside of WashU.

End of Support Standard

This standard and associated guidance provide an organized approach for managing assets nearing end of support in the WashU environment.

EU General Data Protection Regulation (GDPR)

The European Union’s General Data Protection Regulation (GDPR) is a privacy and security law that applies to any organization that collects or uses data from EU residents.

Exception Form

In the policy exception request review process, our team works with the requestor to evaluate the risks that may arise because of the exception.

Exception Policy

The policy and associated guidance provide a well-defined approach to review exception requests for published WashU Information Security policies, standards, and guidelines.

Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act protects student information and gives individual students certain rights pertaining to their education records.

Federal Information Security Modernization Act (FISMA)

Under the Federal Information Security Modernization Act (FISMA), federal agencies and those providing services on their behalf must develop, document, and implement security programs for information technology systems.

Firewall Guidelines

The purpose of this guideline is to provide administrators and users advice on choosing, implementing, and operating firewall technologies.

Food and Drug Administration Code of Federal Regulations, Title 21, Part 11 (FDA 21 CFR Part 11)

The regulations in FDA 21 CFR Part 11 set necessary criteria for electronic records and signatures to be considered reliable, trustworthy, and equivalent to paper versions.

General Data Protection Regulation (GDPR)

The Data Protection Law Enforcement Directive and other rules concerning the protection of personal data.

Gmail

If you need to report a phishing attempt in Gmail but don’t have the Phish Alert Button (PAB), follow these steps.

Gramm-Leach Bliley Act (GLBA)

The Gramm-Leach Bliley Act requires financial institutions (i.e., organizations offering consumers financial products, advice, or insurance) to protect their customers’ personal information.

Guidelines

Guidelines provide recommended directions for meeting policies and standards.

Hardware

Hardware refers to physical devices that connect to and interact with the WashU network.

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act specifies requirements for the privacy and security of all individually identifiable patient health information in any form or media, whether electronic, paper, or oral.

HIPAA Identifiers

HIPAA identifiers are 18 points of information that can be used to identify an individual or combined with other information to identify an individual.

How Can You Securely Share Your Research?

Share your research securely to protect privacy and intellectual property, and to comply with applicable regulations.

Incident

Any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in the quality of that service. (ITIL perspective)

Incident Report

Departments and schools should use this form when reporting a computer security incident that involves sensitive university information.

Information Security

Information security is a combination of practices that protect information resources from unauthorized access, use, and modification.

Information Security Glossary

Definitions of information security terms.

Information Security Risk Management Policy

The policy and associated guidance provide a common methodology and organized approach to Information Security risk management, whether based on a regulatory compliance requirement or a threat to the university.