Knowledge By Service
IT Compliance Service Offering
The IT Council approved the classification of data into four categories. Please see this PDF for details on the four classification levels and examples of data for each level.
What is Data Classification?
Data Classification is the foundation of UMD’s risk-based approach to protection of dat
Article: KB0012438 · Confidence: Validated
Table of Contents
What are Drive and Box?
What features do Box and Drive offer?
Feature breakdown
Data classification: Will my data be safe?
Have additional questions?
The UMD Division of Information Technology offers an array of data storage options for current students, fa
Article: KB0012706 · Confidence: Validated
Table of contents
General important statements
Student information and FERPA
Recording meetings, classes and conversations
Frequently asked questions
Which IT systems at UMD have the capability to capture an individual's audio and image records?
Should I record my live (synchronous
Article: KB0015442 · Confidence: Validated
Table of Contents
Purpose
Additional authority
Scope
Definitions
Standards
Requirements
Physical security
Access to information
Information storage
Distribution and transmission of information
Destruction and disposal of information and devices
Computer security best practices
Inc
Article: KB0012916 · Confidence: Validated
Table of contents
Definitions
Implementation
Standards
Data protection
System security
Access control
Accountability
The IT-1 Standard for IT Security Roles and Responsibilities states that the security of IT resources is a shared responsibility between the campus units operating
Article: KB0014147 · Confidence: Validated
What is phishing?
Phishing is an attempt made by an individual or group to obtain personal information from unsuspecting users by posing as a trusted organization or individual, such as technical support or one's bank. Commonly, this is done through email messages that are specifically crafted to l
Article: KB0012341 · Confidence: Validated
Table of Contents
Introduction
Purpose
Logging requirements
Define roles and responsibilities
Log management infrastructure
Log analysis
Log retention
Log disposal
Additional resources
Introduction
Logs play an important role in maintaining security because they afford s
Article: KB0012254 · Confidence: Validated
Table of contents
Purpose and scope
Authority
Reporting an IT Security incident
Types of incidents and breaches
High severity incident
Medium severity incident
Low severity incident
Incident response team members
The incident response process
Preparation
Detection and anal
Article: KB0018154 · Confidence: Validated
By default, any device connected to our wired network (including printers) is placed on an Internet-accessible IP space. This can lead to that printer experiencing a number of problems, the most common of which is the printer printing spam or gibberish, wasting a large amount of paper and preventing
Article: KB0012224 · Confidence: Validated
In this article
System access control guidelines
Guidelines for requesting system access
Guidelines for granting system access
Guidelines for reviewing and managing system access
Guidelines for auditing user activities
System access control guidelines
The University's systems store, trans
Article: KB0012247 · Confidence: Validated
Table of contents
When should a risk assessment be performed?
Why are risk assessments necessary?
How long do risk assessments take to complete?
Before requesting a risk assessment
Areas of concern
Questions?
The Division of Information Technology (DIT) IT Compliance team performs ris
Article: KB0015254 · Confidence: Validated
In this article
Purpose
Additional authority
Scope
Standard
Purpose
This document establishes a formal standard for installation and configuration of firewalls and routers within Cardholder Data Environments and outlines the related requirements specified in the Payment Card Industry Data
Article: KB0013912 · Confidence: Validated
Table of Contents
Introduction
Roles and responsibilities
Modification
History
Introduction
The Board of Regents' Information Technology policy and Section 12-112 of the Education Article of the Maryland Code require that each institution within the University System of Maryland adopt
Article: KB0013654 · Confidence: Validated
The security self-assessments provided here are based on IT Security best practices as well as compliance requirements set forth by Federal and State standards. These security assessments are meant to aid in properly securing systems. By completing the security self-assessments provided you will be
Article: KB0012261 · Confidence: Validated
If your University of Maryland unit collects and uses personal data, you can use this toolkit to assess your processes and address General Data Protection Regulation requirements. This toolkit is part of the GDPR Overview.
Does GDPR apply to your data?
Answer these questions to help you deter
Article: KB0014695 · Confidence: Validated
Table of Contents
Purpose and scope
Authority
Roles and responsibilities
Standard
University of Maryland Police Department Investigations
Subpoenas and court orders
Subpoenas and search warrants from external law enforcement agencies & national security letters
Maryland Public Info
Article: KB0017172 · Confidence: Validated
Table of contents
Why is it a bad idea to accept credit card information over email?
What constitutes credit card information?
My customers send me credit card information over email. What should I do?
I mailed a form/application or posted a form/application on my website accepting credit ca
Article: KB0012395 · Confidence: Validated
Table of contents
Compliance
Identity Finder
IT policies and standards
Multi-Factor Authentication
Phishing
Project NEThics
Security incident
Vulnerability scanning
Security tips
Compliance
The IT Compliance Team exists to ensure the University of Maryland, College Park is effecti
Article: KB0012343 · Confidence: Validated
Table of contents
What is GDPR?
Whose data does the GDPR protect?
What does GDPR mean to the University of Maryland?
What constitutes personal data?
Who does the GDPR affect?
Do the rules only apply to EU citizens or residents?
What are the penalties for non-compliance?
Why does GD
Article: KB0014829 · Confidence: Validated
The Division of Information Technology (DIT) IT Compliance team develops and conducts security assessments as a trusted adviser and/or counselor for Information Systems. Utilizing security controls and standards recommended by the National Institute of Standards and Technology (NIST), the SANS Insti
Article: KB0014905 · Confidence: Validated
Table of contents
Purpose
Additional authority
Scope
Standard
Requirements
Guidelines for cardholder data elements
Purpose
This document establishes a formal standard for the protection of cardholder data within Cardholder Data Environments (CDE) and outlines the related requirements
Article: KB0013914 · Confidence: Validated
Table of contents
Purpose
Additional authority
Scope
Standard
Requirements
Accessing cardholder data
Authentication and identification
Restrict physical access of cardholder data
Purpose
This document establishes a formal access control standard and outlines the related requi
Article: KB0013919 · Confidence: Validated
Table of contents
Purpose
Additional authority
Scope
Standard
Requirements
Malware protection
Vulnerability scanning
Patching
Develop and maintain secure systems
Purpose
This document establishes a formal vulnerability management standard and outlines the related requirement
Article: KB0013918 · Confidence: Validated
Table of Contents
Purpose
Additional authority
Scope
Standard
Requirements
Purpose
This document establishes a formal network monitoring standard and outlines the related requirements specified in the Payment Card Industry Data Security Standards that must be implemented in
Article: KB0013920 · Confidence: Validated
Table of contents
Purpose
Additional authority
Scope
Standard
Requirements
Purpose
This document establishes a formal testing standard and outlines the related requirements specified in the Payment Card Industry Data Security Standards (PCI DSS) that must be implemented into all Unive
Article: KB0013921 · Confidence: Validated
In this article
Purpose
Additional authority
Scope
Standard
Requirements
Purpose
This document establishes a formal standard for management of default vendor settings and configurations of systems, firewalls, and routers within Cardholder Data Environments (CDE) and outlines the related r
Article: KB0013913 · Confidence: Validated
The Payment Card Industry (PCI) has issued a set of standards with which all organizations that store, process or transmit credit card data must comply. These new standards are called Payment Card Industry Data Security Standards (PCI DSS). These standards bring additional responsibilities concerning
Article: KB0012257 · Confidence: Validated
Below you will find a collection of Security Assessment Tools from various external sources that have been researched and deemed beneficial to reducing security risks.
SANS Security Web Application Technologies Checklist.
Oracle Secure Coding Guidelines for Java SE.
OWASP Top Ten for Applicatio
Article: KB0012262 · Confidence: Validated
In this article
Purpose
Additional authority
Scope
Standard
Requirements
Purpose
This document establishes a formal standard for the encryption of cardholder data whenever transmitted across open networks and outlines the related requirements specified in the Payment Card Industry Data Se
Article: KB0013915 · Confidence: Validated
Table of contents
Purpose
Scope
Definitions
Standard
Requests for existing data - data extracts
Requests for existing data - ongoing system access
Requests for collection of data
Exempt requests
Review
Role based access
Date of effect
Purpose
The University of Maryland's I
Article: KB0019006 · Confidence: Validated