Security Risk Classifications for Georgetown Servers

Georgetown University Information Services has developed and implemented the Minimum Security Standards policies and procedures to ensure that secure computer systems and networks are available to accomplish the University’s mission of teaching, research, and service. Directed by the Chief Information Security Officer (CISO), these policies set the information security standards which maximize the confidentiality, integrity, and availability of the University’s distributed information technology assets, systems, networks, and data.

 
Low Risk Medium Risk High Risk
These servers do not access, store, create or transmit any Medium- or High-Risk data.
Examples include:

 

  • Servers used for general computing purposes that do not include protected or regulated data.
  • File server used to store data available to the public.
  • Database server containing data available to the public.
 These servers handle Private Data and do not access, store, create or transmit any High-Risk data.
Examples include:

 

  • Database of non-public University contracts
  • File server containing non-public procedures/ documentation
  • Database server containing internal confidential records
 These servers handle High-Risk data.
Examples include:

 

  • Servers managing access to other systems
  • UIS and departmental logging systems
  • Active Directory and DNS
  • Database or file servers containing personally identifiable student records, HR records or human subject data.