The Division of Information Technology (DIT) IT Compliance team develops and conducts security assessments, acting as a trusted adviser and/or counselor for information systems. Using security controls and standards recommended by the National Institute of Standards and Technology (NIST), the SANS Institute, and the University System of Maryland IT Security Standards, the IT Compliance team evaluates the current state of your IT environment against these controls and standards. The IT Compliance team also provides solutions for any problems or vulnerabilities found during the security assessment process.
The goal of a security assessment is to assist units within the University of Maryland (UMD) College Park community. A member of IT Compliance reviews the unit's current configurations and ensures that appropriate security controls are in place to protect confidential data and decrease the likelihood of successful information security incidents. The mission of IT Compliance is to enhance and protect organizational value and improve the University's operations by providing risk-based and objective assurance, advice, and insight.
Below are example scenarios that would benefit from having a Security Assessment performed by IT Compliance:
- You or your unit inherits an unfamiliar system, or key personnel leave and knowledge of the system or IT process is not documented.
- To instill confidence within management and the clients that the systems, processes and security are compliant with applicable laws and regulations.
- To verify the security stance of the system and/or processes, especially when your unit is not responsible for maintaining the system.
- Suspicious activity or a decrease in production has been noted.
Security assessments are only performed upon request. The purpose is to provide a unit with an in-depth review of their current IT standing. Security assessments are beneficial for exposing unknown system vulnerabilities. In addition, an assessment can assist with outlining potential audit findings as well as provide feedback for addressing prior findings from an audit agency. All of the materials associated with a security assessment stay internal to UMD.
To request a security assessment, contact it-compliance@umd.edu with a description of the system(s) and any concerns you have. Once the request is received, a member of the IT Compliance team will contact the requester to set up an introductory interview. This can take place either in person or over the phone with the requester and members of the unit's IT staff. During this introductory meeting, the scope of the security assessment is defined. A security assessment typically takes at least 30 days to complete; this can change based on the scope of the review and the rate at which documentation is provided. Each assessment includes corresponding solutions designed to correct any noted vulnerability. If resources are an obstacle to implementing any solution, the Division of Information Technology can provide direct assistance.
The IT Compliance team is committed to performing value-added, risk-based security assessments, designed to independently review and evaluate information technology and operational controls throughout the University.
If you have any questions regarding the security assessment process, please contact it-compliance@umd.edu.