OAR 407-014-0305
Definitions
(1)
“Access” means the ability or the means necessary to read, communicate, or otherwise use any Department information asset.(2)
“Access control process” means Department forms and processes used to authorize a user, identify their job assignment, and determine the required access.(3)
“Client records” means any client, applicant, or participant information regardless of the media or source, provided by the Department to the user, or exchanged between the Department and the user.(4)
“Department” means the Department of Human Services.(5)
“Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of any network and information system or Department information asset including but not limited to unauthorized disclosure of information, failure to protect user’s identification (ID) provided by the Department, or theft of computer equipment that uses or stores any Department information asset.(6)
“Information asset” means any information, also known as data, provided through the Department, regardless of the source or media, which requires measures for security and privacy of the information.(7)
“Network and information system” means the State of Oregon’s computer infrastructure which provides personal communications, client records and other sensitive information assets, regional, wide area and local area networks, and the internetworking of various types of networks on behalf of the Department.(8)
“Organization” means any entity authorized by the Department to access a network and information system or information asset.(9)
“User” means any individual authorized by the Department to access a network and information system or information asset.
Source:
Rule 407-014-0305 — Definitions, https://secure.sos.state.or.us/oard/view.action?ruleNumber=407-014-0305
.