| Term | Definition |
| Administrative Account | A user account with elevated privileges on a device, intended only for management tasks such as installing software, managing user accounts, and modifying operating system and application settings. |
| Authorized Removable Media Device | A removable media device that has been formally approved, institutionally managed, and configured in accordance with this standard, including required encryption and monitoring controls. |
| Data Exfiltration | The unauthorized transfer, copying, or removal of data from an institutional system or controlled environment. |
| Data Steward | All FIU employees, students and authorized users of IT data resources. |
| Data Owner | Any manager, director, division head or equivalent, who has accountability and responsibility for the integrity, accurate reporting and use of computerized data. This individual typically exists within the department that generated the data and is ultimately accountable for its accuracy and proper handling. |
| Device Media Control | Technical controls implemented at the endpoint or system level to block, restrict, monitor, or log the use of removable storage devices. |
| Endpoint | Any university-owned or managed workstation, laptop, server, or other computing device capable of having removable media connected to it. |
| Endpoint Privilege Management (EPM) | A technology and process framework that removes standing local administrator rights from endpoints and replaces them with policy-driven, just-in-time elevation capabilities managed through the university’s designated EPM solution. |
| FIU Systems | Any system and/or application, on-premises or in the cloud, to which FIU users authenticate. |
| FIU Users | Students, faculty, staff, third-party affiliates (consultants, vendors, Persons of Interest), vendors, contractors, sub-contractors, suppliers, business partners, and other persons affiliated with FIU. |
| Information Security Incident | A suspected, attempted, successful, or imminent threat of unauthorized access, use, disclosure, breach, modification, or destruction of information; interference with information technology operations; or significant violation of acceptable use policy. |
| IT Administrators | An individual with responsibility for the configuration, implementation, management, monitoring, oversight, and day-to-day operations of university IT Assets. |
| IT Assets | Technology resources including, but not limited to, computers, networks, servers, applications, databases, software, and operating systems owned by, managed by, or sponsored by IT Administrators. |
| Level 3 - Confidential Data | Institutional data classified under the FIU Data Classification Policy requiring the highest level of protection due to regulatory, contractual, privacy, or operational impact. |
| Managed Device | Any computing device (i.e. laptop, desktop, mobile device, server, or IoT endpoint) that is university-owned, controlled, configured, and secured by the Division of Information Technology. |
| MFA (Multi-Factor Authentication) | Multi-Factor Authentication, or Two-Factor Authentication (2FA), increases security on your FIU account by requiring you to log on using both your password and your device (e.g. mobile phone or hardware token). Because it requires two steps to log in, 2FA offers more account security than a password alone; it provides added protection for both individuals and the FIU community at large. |
| Member or Member of the FIU Community | An authorized user of an FIU enterprise resource, including faculty, staff, POI, contractors, students, and volunteers. |
| Privileged Access | An elevated or higher level of access to university IT systems or data resources than would be granted to a standard user account. |
| Privileged Identity Management (PIM) | A capability that provides time-based and approval-based activation of privileged roles in cloud and hybrid environments, enforcing just-in-time access and reducing standing administrative privileges. |
| Privileged User | A user trusted and authorized to perform elevated security functions or operations, including access to confidential data that non-privileged user accounts are not authorized to access. |
| Regulated Data | Data subject to federal, state, local laws or other contractual protection requirements, including but not limited to FERPA, HIPAA, GLBA, or any other legally mandated safeguards. |
| Removable Media | Any portable digital storage device that can be attached to and removed from a computing device and used to store or transfer data. Examples include USB flash drives, external hard drives, solid-state drives (SSDs), SD cards, writable optical media, and similar devices. |
| Service Account | A non-human account used by an application, service, scheduled task, or integration to authenticate and perform automated functions on information systems. Interactive logon should be disabled. |