Definitions

Education records - Records that are directly related to a student and are maintained by an educational agency or institution or by a party acting for the agency or institution. For more information, see the Family Educational Rights and Privacy Act regulations, 34 CFR §99.3.

Personally identifiable information (PII) - Information that can be used to distinguish or trace an individual’s identity either directly or indirectly through linkages with other information. See Family Educational Rights and Privacy Act regulations, 34 CFR §99.3, for a complete definition of PII specific to education records and for examples of other data elements that are defined to constitute PII.

ACL - Access Control List; a set of rules in a network device, such as a router, that controls access to segments of the network. A router with ACLs can filter inbound and/or outbound network traffic similar to a firewall but with less functionality.

Authentication - Process of verifying one's digital identity. For example, when someone logs into Webmail, the password verifies that the person logging in is the owner of the eID. The verification process is called authentication.

Authorization - Granting access to resources only to those authorized to use them.

Availability - Ensures timely and reliable access to and use of information.

Confidentiality - Preserves authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Firewall - A specialized hardware and/or software system with stateful packet inspection that filters network traffic to control access to a resource, such as a database server, and thereby provide protection and enforce security policies. A router with ACLs is not considered a firewall for the purposes of this document.

IDS - Intrusion Detection System; a system that monitors network traffic to detect potential security intrusions. Normally, the suspected intrusions are logged and an alert generated to notify security or system administration personnel.

Integrity - Guards against improper modification or destruction of information, and ensures non-repudiation and authenticity.

IPS - Intrusion Prevention System; an IDS with the added ability to block malicious network traffic to prevent or stop a security event.

Local Network - Any segment the District's data network physically located in any District building with an IP address starting with 10.X.X.X or an un-routable private IP address (e.g., 192.X.X.X).

Remote Access - Accessing the District's local network from any physical location outside the Local Network. This includes access from off campus using the District's VPN service.

Secure Data Center - A facility managed by full-time IT professionals for hosting computer, data storage, and/or network equipment with 24x7 auditable restricted access, environmental controls, power protection, and network firewall protection.

Secure Server - a computer that provides services to other computers, applications, or users; is running a server operating system; and is hardened according to relevant security standards, industry best practices, and District security policies.

Sensitivity - Indicates the required level of protection from unauthorized disclosure, modification, fraud, waste, or abuse due to potential adverse impact on an individual, group, institution, or affiliate. Adverse impact could be financial, legal, or on one's reputation or competitive position. The more sensitive the data, the greater the need to protect it.

De-identified/Anonymous Data - The District/User has removed all personally identifiable information and there is a reasonable determination that the student is not identifiable.

District Data - Any data related to Hackensack Board of Education ("District") functions that are:

1. Stored on District information technology systems (internal and hosted).
2. Maintained by District staff or students.
3. Related to institutional processes on or off campus. This applies to any format or media (in other words, it is not limited to electronic data).

VPN - Virtual Private Network; a VPN provides a secure communication channel over the Internet that requires authentication to set up the channel and encrypts all traffic flowing through the channel.