Georgetown University Information Services has developed and implemented the Minimum Security Standards policies and procedures to ensure that secure computer systems and networks ae available to accomplish the University's mission of teaching, research, and service. Directed by the Chief Information Security Officer (CISO), these policies set the information security standards which maximize the confidentiality, integrity, and availability of the University’s distributed information technology assets, systems, networks, and data.

Server Risk Classification Examples

LOW RISK MODERATE RISK HIGH RISK

These servers do not access, store, create or transmit any Moderate or High Risk data.

Examples include:

These servers handle Private Data and do not access, store, create or transmit any High Risk data.

Examples include:

These servers handle High Risk data.

Examples include:

  • Servers used for research computing purposes that do not include protected or regulated data.
  • Database of non-public University contracts
  • Servers managing access to other systems
  • File server used to store data available to the public.
  • File server containing non-public procedures/ documentation
  • UIS and departmental logging systems
  • Database server containing data available to the public.
  • Database server containing internal confidential records
  • Active Directory and DNS
   
  • Database or file servers containing personally identifiable student records, HR records or human subject data.