Abuse of Privilege: When a user willfully performs an action prohibited by organizational policy or law, even if technical controls are insufficient to prevent the user from performing the action.
Artificial Intelligence: A machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. Artificial intelligence systems use machine- and human-based inputs to perceive real and virtual environments; abstract such perceptions into models through analysis in an automated manner; and use model inference to formulate options for information or action. The definition does not include basic calculations like Excel formulas, basic automation, or pre-recorded response systems.
Artificial Intelligence System: Any technology system, whether developed internally or obtained from a third party, that utilizes an artificial intelligence technology.
Asset: Anything that has value to an organization including, but not limited to, another organization, person, computing device, information technology (IT) system, IT network, IT circuit, software (both an installed instance and a physical instance), virtual computing platform (common in cloud and virtualized computing), and related hardware (e.g., locks, cabinets, keyboards).
Authentication: The process of establishing confidence in the identity of users or information systems.
Authentication Factors: Something you know, something you have, and something you are. See “Multi-Factor Authentication”.
Authentication Method: The authentication mechanism used at the time of user account login.
Authenticator: Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity (e.g., token).
Authorization: Access privileges granted to a user, program, or process or the act of granting those privileges.
Availability: Reliable and timely access to data, systems, and resources.
Backup: Copy of files and applications made to avoid loss of data and facilitate recovery in the event of a disruption.
Business Continuity Plan: A plan which allows critical business functions to continue in the event primary business facilities or resources are not available.
Business Impact Analysis: An analysis which identifies information, applications, processes, and systems required to support critical business processes and functions.
Change: Any implementation of new functionality, interruption of service, repair of existing functionality, or removal of existing functionality.
Change Management: The process of controlling modifications to hardware, software, firmware, and documentation to ensure that information systems are protected against improper modification before, during and after system implementation.
Cyber Incident Response Team (CIRT): Personnel responsible for coordinating the response to computer security incidents in an organization.
Commercial off the Shelf (COTS): Software that is commercially available from a vendor.
Computer Security Event: An anomaly that has been reported or noticed in a system or network.
Computer Security Incident: A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. A computer security incident is also defined as any event that adversely affects the confidentiality, integrity, or availability of a system and its data.
Confidentiality: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Continuity of Operations Plan: Clearly defined steps an organization will take during times of disruption to ensure they can continue their operations.
Cookie: A unique text file stored on a user's computer by an Internet browser. These text files are used as a means of distinguishing among users of a website and as a means of customizing the website according to the user's preferences and interests. A cookie will not include personal information unless the user has volunteered that information.
Countermeasure: A safeguard put into place to mitigate risk to information and systems. Examples of technical countermeasures may include firewalls, intrusion prevention systems and access.
Critical Incidents: Critical incidents include the following: A sudden, unexpected event requiring action due to potential threat to health and safety, the environment, or property. A critical event, which, if not handled in an appropriate manner, may dramatically impact an organization’s profitability, reputation, or ability to operate. A sudden, unplanned, calamitous event causing great damage or loss. Critical incidents can also include an “Emergency” as defined in the New York State Finance Law, Section 163, which means an urgent and unexpected requirement where health and public safety or the conservation of public resources is at risk.
Critical Infrastructure: Systems and assets, whether physical or virtual, so vital to Ulster County that the incapacity or destruction of such systems and assets would have a debilitating impact on security, economic security, public health or safety, or any combination of those matters.
Criticality: The degree to which a County Entity depends on the information or information system for the success of a mission or of a business function.
Custodian: A person or entity who is responsible for a device or data.
Data: A subset of information in an electronic format that allows it to be retrieved or transmitted.
Disaster Recovery Plan: The preplanned sequence of events that allows for the recovery of an information system facility and information systems and applications.
Electronic Mail (email): Any message, image, form, attachment, data, or other communication sent, received, or stored within an electronic mail system.
Electronic Mail System: Any computer software application that allows electronic mail to be communicated from one computing system to another.
Emergency Change: When an unauthorized immediate response to imminent critical system failure is needed to prevent widespread service disruption.
Firewall: A rule-based hardware or software control device that acts as a barrier between two or more segments of a computer network or overall client/server architecture, used to protect internal networks or network segments from unauthorized users or processes.
Host: A computer system that provides computer services for one or more users.
Identity Access Management (IAM): The task of controlling information about users on computers. Such information includes information that authenticates the identity of a user, and information that describes information and actions they are authorized to access and/or perform. It also includes the management of information about the user and how and by whom that information can be accessed and modified.
Incident Command System: A standardized approach to the command, control, and coordination of emergency response, providing a common hierarchy within which responders from multiple agencies can be effective.
Incident Response: The manual and automated procedures used to respond to reported network intrusions (real or suspected); network failures and errors; and other undesirable events.
Incident Response Stakeholders: IR Stakeholders are any individuals, technical or non-technical, directly responding to or overseeing IR activities.
Information: Any data, regardless of form, that is created, contained in, or processed by, information systems facilities, communications networks, or storage media.
Information Attack: An attempt to bypass the physical or information security measures and controls protecting a system. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.
Information Classification: Ulster County Information is categorized into four pre-defined classes of Confidential, Sensitive, Internal Use, and Public Use, to categorize data and convey the required safeguards for information. The assigned classification levels to County information guide the development of applicable security policy, controls, and standards to ensure the confidentiality, integrity, and availability of the information.
Information Security: The practice of safeguarding an organization's information from unauthorized access, modification, or destruction.
Information Security Office (ISO): Responsible for developing, implementing, and managing an organization's cybersecurity policies, practices, and risk management strategies to protect data, systems, and assets from unauthorized access, threats, and breaches.
Information Systems (IS): Any and all computer-related equipment and components involving devices capable of managing, transmitting, receiving or storing information or data including, but not limited to, a USB drive, CD-R, laptop or personal computer, smartphones, personal digital assistant (PDA), cell phone, handheld computer, servers and computer printouts. Additionally, it is the procedures, equipment, facilities, software, and data that are designed, built, operated and maintained to create, collect, record, process, store, retrieve, display and transmit information.
Information Technology: Shall have the same meaning as set forth in 40 U.S.C. § 11101(6): (A) any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by a State Entity, if the equipment is used by the State Entity directly or is used by a contractor under a contract with the State Entity that requires the use (1) of that equipment; or (2) of that equipment to a significant extent in the performance of a service or the furnishing of a product; (B) includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources; but (C) does not include any equipment acquired by a State contractor incidental to a State contract.
Information Technology Resources: Equipment, software or services used to input, store, process, transmit, and output information, including, but not limited to, desktops, laptops, mobile devices, servers, telephones, fax machines, copiers, printers, Internet, email, and social media sites.
Integrity: The condition of undiminished accuracy, reliability, and protection from unauthorized access or modification.
Internal Security Controls: Ensures that an agency’s information systems are being adequately secured, based on risk management, as directed by the ISO acting on delegated authority for risk management decisions.
Internet: A global system interconnecting computers and computer networks. The computers and networks are owned separately by a host of organizations, government agencies, companies and educational institutions.
Internet of Things: The "Internet of Things" (IoT) refers to technology implementations in which network and computing capability is extended to non-traditional devices, rather than traditional computing devices such as computers, smartphones, and tablets, allowing these devices to create, transmit and receive data through the internet. Examples of devices that may fall into the scope of "Internet of Things" include security systems, environmental monitoring sensors, vehicles, electronic appliances, vending machines and more.
Intranet: A private network for communications and sharing of information that, like the Internet, is based on TCP/IP, but is accessible only to authorized users within an organization. An organization’s Intranet is usually protected from external access by a firewall.
ISO: Information Security Officer
ITSM: IT Service Management is a set of practices designed to plan, deliver, manage, and improve IT services to meet business needs efficiently and effectively.
Least Privilege: Granting users, programs or processes only the access they specifically need to perform their business task and no more.
Local Area Network (LAN): A data communications network spanning a limited geographical area, a few miles at most. It provides communication between computers and peripherals at relatively high data rates and relatively low error rates.
Machine Learning: A type of artificial intelligence that gives computers the ability to learn without being programmed by humans.
Multi-Factor Authentication (MFA): MFA is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database.
Off-site Storage: Based on data criticality, off-site storage should be in a geographically different location from the Ulster County cluster of office spaces that does not share the same disaster threat event. Based on an assessment of the data backed up, the backup media is removed from the building and stored in another secured location.
Owner: The manager or agent responsible for the function, which is supported by the resource, the individual upon whom responsibility rests for carrying out the program that uses the resources. The owner is responsible for establishing the controls that provide the security. The owner of a collection of information is the person responsible for the business results of that system or the business use of the information. Where appropriate, ownership may be shared by managers of different departments.
Passphrase: A passphrase is a memorized secret consisting of a sequence of words, phrases or other text that a person uses to authenticate their identity. Similar to a password in usage, it is generally much more secure due to its tendency to contain many more characters.
Password: A string of characters which serves as authentication of a person’s identity, which may be used to grant, or deny, access to private or shared data.
Password Expiration: The frequency with which a user is required to choose a new password (i.e., forced to change the password after x days).
Patch Management: The handling of vulnerabilities that can be addressed by a software or firmware update (patch); it applies to all software used on Ulster County systems.
Personally Identifiable Information (PII): Information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. Examples include name, social security number, date or place of birth, mother’s maiden name, and other information.
Portable Computing Device: Any easily portable device that can receive and/or transmit data to and from information systems. These include, but are not limited to, laptop computers, notebook computers, handheld computers, tablets, smartphones, PDAs, pagers, and cell phones.
Privacy: Control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally, or intellectually) with others. Typically, it is related to individual autonomy and a person’s constitutional right to control their own information, including decisions of when and whether to share personal information, how much information to share, the circumstances under which that information can be shared, and with whom it should be shared.
Production System: A computer system used to process an organization’s daily work. Contrast with a system used only for development and testing or for ad hoc inquiries and analysis.
Remote Access: The ability to access non-public computing resources from locations other than the County’s internal network.
Risk: The capability and likelihood of a threat or vulnerability compromising the confidentiality, integrity and availability of information and systems. Risk analysis evaluates the probability of a vulnerability or threat resulting in an unfavorable business impact.
Risk Assessment: The process of identifying threats to information or information systems, determining the likelihood of occurrence of the threat, and identifying system vulnerabilities that could be exploited by the threat.
Risk Management: A process that includes taking actions to assess risk and avoid or reduce risk to acceptable levels.
Scheduled Change: Formal notification received, reviewed, and approved by the review process in advance of the change being made.
Security Administrator: The person charged with monitoring and implementing security controls and procedures for a system.
Security Incident: A successful or unsuccessful unauthorized entry or information system attack. Security incidents may include unauthorized probing and browsing, disruption or denial of service, altered or destroyed input, processing, storage, or output of information, or changes to information system hardware, firmware, or software characteristics with or without the users’ knowledge, instruction, or intent. An incident may also include any violation of security policy or acceptable use agreements.
Server: A server is a system that provides services to client systems. The computer that a server program runs on is also frequently referred to as a server (though it may contain a number of servers and client programs).
Service Set Identifier (SSID): The public name of a wireless (WiFi) network. All of the wireless devices on a Wireless Local Area Network (WLAN) shall employ the same SSID in order to communicate with each other. SSIDs are also referred to as a network name because essentially it is a name that identifies a wireless network.
Separation of Duties (SoD): The principle of dividing responsibilities and tasks related to the implementation and approval of changes across different individuals or groups. The goal of SoD is to establish a system of checks and balances that prevents conflicts of interest and reduces the risk of errors, fraud, or unauthorized changes.
Spam: Mass-delivered, unrequested advertising delivered via email.
Strong Passwords: A password that is not easily guessed. It is normally constructed of a sequence of characters, numbers, and special characters, depending on the capabilities of the operating system. Typically, the longer the password the stronger it is. Passwords should never be a name, dictionary word in any language, an acronym, a proper name, a number, or be linked to any personal information about you such as a birth date, Social Security number, etc. NOTE: Passphrases tend to be a more secure option due to their length.
System Administrator: Person responsible for the effective operation and maintenance of information systems, including implementation of standard procedures and controls to enforce an organization’s security policy.
Technical Manager: Assigned custodian of information systems; provides technical facilities and support services to owners and users of information. The technical manager assists program management in the selection of cost-effective controls to be used to protect information systems and is charged with executing the monitoring techniques and procedures for detecting, reporting, and investigating breaches in information asset security.
Threat: Any potential danger to information and systems. Examples of some threats may include malicious code, viruses, network attacks, operational weaknesses and vulnerabilities, intentional or inadvertent personnel actions, and natural events.
Trojan: Destructive programs that are hidden in an attractive or innocent-looking piece of software, such as a game or graphics program. Victims may receive a Trojan horse program by email or on a removable media device, often from another unknowing victim, or may be urged to download a file from a Website.
Ulster County Information Services (UCIS): The agency within Ulster County government responsible for information systems, cyber security, networking, and data management.
Unscheduled Change: Failure to present notification to the formal process in advance of the change being made. Unscheduled changes will only be acceptable in the event of a system failure or the discovery of security vulnerabilities.
URI: Uniform Resource Identifier. A string of characters used to identify a resource. Such identification enables interaction with representations of the resource over a network, typically the web, using specific protocols.
URL: Uniform Resource Locator, colloquially termed a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. A URL is a specific type of Uniform Resource Identifier (URI), although many people use the two terms interchangeably.
User: An individual or automated application or process that is authorized access to the resource by the owner, in accordance with the owner’s procedures and rules.
Vendor: Someone who exchanges goods or services for money.
Virus: A program that attaches itself to an executable file or vulnerable application and delivers a payload that ranges from annoying to extremely destructive results. A file virus executes when an infected file is accessed. A macro virus infects the executable code embedded in programs that allow users to generate macros.
Vulnerability: A software, hardware or procedural weakness that may compromise the confidentiality, integrity, and availability of information and systems.