Security Risk Classifications for Georgetown Data

Georgetown University Information Services has developed and implemented the Minimum Security Standards policies and procedures to ensure that secure computer systems and networks are available to accomplish the University’s mission of teaching, research, and service. Directed by the Chief Information Security Officer (CISO), these policies set the information security standards which maximize the confidentiality, integrity, and availability of the University’s distributed information technology assets, systems, networks, and data.

UIS Data Classifications

Low Risk Data: Data is classified as low risk when the unauthorized disclosure, alteration or destruction of that data would result in little or no risk to the University and its affiliates.
Moderate Risk Data: Data is classified as moderate risk when the unauthorized disclosure, alteration or destruction of that data could result in a moderate level of risk to the University or its affiliates. By default, all University data that is not explicitly classified as High risk or Low risk data should be treated as Moderate risk data.

High Risk Data: Data is classified as high risk when the unauthorized disclosure, alteration or destruction of that data could cause a significant level of risk to the University or its affiliates.

UIS Data Handling Chart

How to handle University information