Georgetown University Information Services has developed and implemented the Minimum Security Standards policies and procedures to ensure that secure computer systems and networks ae available to accomplish the University's mission of teaching, research, and service. Directed by the Chief Information Security Officer (CISO), these policies set the information security standards which maximize the confidentiality, integrity, and availability of the University’s distributed information technology assets, systems, networks, and data.

Data Risk Classification Examples

LOW RISK MODERATE RISK HIGH RISK

Low Risk data is all other data that is not considered to be Moderate or High Risk, and:

Moderate Risk is not considered to be public or High Risk, and:

Data is classified as High Risk if it is greater than Moderate Risk, and:

  • The loss of its confidentiality, integrity, or availability would cause no harm to Georgetown’s mission, security, finances, or reputation.

  • The loss of its confidentiality, integrity, or availability could cause harm to Georgetown’s mission, security, finances, or reputation.
  • The loss of its confidentiality, integrity, or availability would cause significant harm to Georgetown’s mission, security, finances, or reputation.

  • Georgtown is required to or chooses to disclose this information to the public.
  • This information is not available to the public.

  • It could be exploited for criminal or other wrongful purposes and Georgetown is obligated by policy, statute or regulation to keep it protected and confidential

   
  • Georgetown is contractually obligated to keep it protected and confidential

   
  • The data identifies one or more individuals and should only be shared with the individual’s family, doctor, lawyer, or accountant by his or her consent