Data belongs to specific functional areas, also referred to as a data domain. Examples of Data Domains are:
A Data Steward has planning and policy responsibilities for data within a specific functional area(s) or data domain. Data Stewards have responsibility for understanding, protecting and granting access to CCC data.
A Data Manager has day-to-day responsibilities for data management within a specific functional area(s) or data domain. Data Managers have responsibility for understanding, protecting and managing access to CCC data.
A data user has operational requirements to access data and use data in performance of his/her assigned duties.
DCL3 - Previously known as Class A Protected at the CSUS.Level 3 is protected confidential data, which comprises identity and financial data that, if improperly disclosed, could be used for identity theft or to cause financial harm to an individual or the ConnSCU system. Security at this level is very high (highest possible).
Examples of DCL3 data are:
DCL3 data must be protected from disclosure and maleficence
DCL2 - Previously known as Class A at the CSUS.Level 2 is restricted data that is available for disclosure, and may be disclosed under certain circumstances e.g. FOIA, legal request, etc. Such information is restricted due to federal and state law, ethical and privacy considerations.
An example of such restrictions is the FERPA guidelines that govern publication and disclosure of student information. Security at this level is high.
Examples of DCL2 data are:
DCL1 - Previously known as Class B at the CSUS.
Level 1 is internal data that has not been approved for general circulation outside the ConnSCU system where its disclosure would inconvenience the ConnSCU system, but is unlikely to result in financial loss or serious damage to credibility. Security at this level is controlled but normal.
Examples of DCL1 data are:
DCL0 - Previously known as Class C at the CSUS.Level 0 is public data that has been explicitly approved for distribution to the public. Disclosure of public data requires no authorization and may be freely disseminated without potential harm to the ConnSCU system. Security at this level is minimal.
Examples of DCL0 data are:
security program is the comprehensive safe-guarding of an
organization's data from unauthorized access or modification to
ensure its availability, confidentiality, and integrity. It includes
the Information security and awareness components.
CSCU's Information Security Awareness Training is currently being provided through SANS Securing the Human training program, an online training that focuses on the individual and what they can do to help secure their organization and themselves.