Security Risk Classifications for Georgetown Data

Georgetown University Information Services has developed and implemented the Minimum Security Standards policies and procedures to ensure that secure computer systems and networks ae available to accomplish the University’s mission of teaching, research, and service. Directed by the Chief Information Security Officer (CISO), these policies set the information security standards which maximize the confidentiality, integrity, and availability of the University’s distributed information technology assets, systems, networks, and data.

Data Risk Classification Examples

Risk Classifications
Low Risk Moderate Risk High Risk
Low Risk data is all other data that is not considered to be Moderate or High Risk, and:
  • The loss of its confidentiality, integrity, or availability would cause no harm to Georgetown’s mission, security, finances, or reputation.
  • Georgtown is required to or chooses to disclose this information to the public.
Moderate Risk is not considered to be public or High Risk, and:
  • The loss of its confidentiality, integrity, or availability could cause harm to Georgetown’s mission, security, finances, or reputation.
  • This information is not available to the public.
Data is classified as High Risk if it is greater than Moderate Risk, and:
  • The loss of its confidentiality, integrity, or availability would cause significant harm to Georgetown’s mission, security, finances, or reputation.
  • It could be exploited for criminal or other wrongful purposes and Georgetown is obligated by policy, statute or regulation to keep it protected and confidential
  • Georgetown is contractually obligated to keep it protected and confidential