132 Data Security Policies UNIVERSITY OF MASSACHUSETTS AMHERST Information Security Policy - Draft http://www.umass.edu/it/policies/drafts may vary according to the risk that they present. Accounts with enhanced privileges may have additional requirements. For additional information including account standards, and password complexity rules, see: https://www.umass.edu/it/security/access [10]. At a minimum, all accounts must adhere to the following: 1. Credential Sharing Credentials for individual accounts must not be shared. 2. Password Complexity UMass Amherst IT sets password complexity requirements for your NetID. It is against policy for a user to subvert those requirements. Other password protected accounts must establish passwords with equivalent or greater complexity as the NetID requirements. VI. Terms and Definitions Assets: Information technology resources, such as hardware and software, institutional information, research data, and intellectual property. Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system. Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. Custodians: See “Institutional Information and Data Custodians” below. Data Categorization: See “Institutional Information and Research Data Categorization”. Data Custodians: Any individuals (employees, volunteers, etc.) who access, manage, or manipulate institutional information or research data. Custodians must follow campus policy and stewardship rules for handling of institutional information and research data. End-User: Anyone who consumes an information service. For more information see “User”. End-User Devices: Information Technology system operated by users e.g. Desktop and Laptop computers, Mobile phones, tablets, etc. Information security: The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. Information Security Incident: An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. Information Service: A collection of information technology systems through which a user can access, manipulate, or create campus assets. Information Technology (IT) Resources: Anything that generates, stores, processes or transmits electronic information. This includes end-user devices and information technology systems. Information Technology System: A subset of information technology resources that collectively provide an information service to end- user devices. Institutional Information: Any information, regardless of medium, in the furtherance of the campus mission, excluding research data. Institutional Information and Research Data Categorization: The exercise of mapping data to the appropriate security categories as identified in FIPS-199. Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. Network: A group of information technology resources and other computing hardware devices that are linked together through communication channels to facilitate communication and resource-sharing among a wide range of users. Research Data: All recorded information, regardless of medium, and all actual samples or examples, that were created or gathered and that could serve to influence or support a research finding or conclusion. Data does not include such items as research papers cited by