Security Risk Classifications for Georgetown Servers

Georgetown University Information Services has developed and implemented the Minimum Security Standards policies and procedures to ensure that secure computer systems and networks ae available to accomplish the University’s mission of teaching, research, and service. Directed by the Chief Information Security Officer (CISO), these policies set the information security standards which maximize the confidentiality, integrity, and availability of the University‚Äôs distributed information technology assets, systems, networks, and data.

Risk Classifications
Low Risk Moderate Risk High Risk
These servers do not access, store, create or transmit any Moderate or High Risk data. Examples include:
  • Servers used for research computing purposes that do not include protected or regulated data.
  • File server used to store data available to the public.
  • Database server containing data available to the public.
These servers handle Private Data and do not access, store, create or transmit any High Risk data. Examples include:
  • Database of non-public University contracts
  • File server containing non-public procedures/ documentation
  • Database server containing internal confidential records
These servers handle High Risk data. Examples include:
  • Servers managing access to other systems
  • UIS and departmental logging systems
  • Active Directory and DNS
  • Database or file servers containing personally identifiable student records, HR records or human subject data.