兔子先生

Skip Navigation
Request Info
Request Info
Skip to Menu Toggle Button

兔子先生Policy X-1.04 兔子先生Policy on Information Security

EXPLORE MORE OF UMGC

Policy CategoryPolicy OwnerVersion Effective DateReview CycleLast ReviewedPolicy Contact
X. Information Governance, Security & TechnologyChief Transformation OfficerMay 24, 2023Every 4 yearsJan. 28 2025Information Security
  1. Purpose
    The purpose of this Policy is to protect University Information and Information Resources that must be protected throughout their lifecycle, including when created or collected, stored, transmitted or transferred, and destroyed.

    To accomplish this objective, administrative, technical, and physical safeguards must be in place to adequately protect Information Resources, while supporting their use in furthering UMGC's mission.
  2. Scope
    1. This Policy applies to Information Resources residing in 兔子先生internal or external environments that store or process 兔子先生Data.
    2. This Policy and its supporting standards and procedures apply to all Users who use or have access to 兔子先生Information and information Resources.
    3. This Policy applies to any Information System or Information Resource that is owned or managed by the University.
  3. Definitions
    Defined terms are capitalized throughout this Policy and can be found in the聽Information Governance Glossary.
  4. Roles and Responsibilities
    1. All Users with access to the University's Information Resources or Information Systems are responsible for reviewing and understanding all 兔子先生Information Security Policies.
    2. The Sr. Director, Information Security and Information Technology Operations are responsible for monitoring compliance with this Policy.
  5. Information Security
    1. The University must establish and maintain an Information Security Program that protects all 兔子先生Information and Information Resources, commensurate with risk. The University System of Maryland ("USM") IT Security Standards shall serve as the framework for UMGC's Information Security Program.
    2. The University must establish appropriate security controls that comply with USM IT Security Standards to support the University's Information Security Policy. The security control areas will include Asset Control, Asset Management, Audit & Accountability, Awareness & Training, Configuration Management, Identification & Authentication, Incident Response, Maintenance, Media Protection, Personnel Security, Physical Protection, Recovery, Risk Management, Security Assessment, Situational Awareness, System & Communications Protection, and System & Information Integrity.
    3. The University must establish enforcement for non-compliance with control standards and procedures or for violation of applicable laws or regulations.
    4. This Policy's further objective is to control standards and procedures to help ensure the following:
      1. Information Resource Availability
        The Information Resources of the University are available to support the teaching, learning, or administrative roles for which they are designated.
      2. Information Integrity
        The Information used in teaching, learning, or administration is guarded against improper information modification or destruction and includes ensuring information non-repudiation and authenticity.
      3. Information Confidentiality
        Information is adequately safeguarded against unauthorized access and disclosure, including means for protecting personal privacy and proprietary information.
  6. Enforcement
    1. Suspected violations will be investigated and may result in disciplinary action in accordance with University codes of conduct, policies, or applicable laws. Sanctions may include one or more of the following:
      1. Suspension or termination of access
      2. Removal of devices determined to be using the University's networking resources inappropriately or in violation of the Acceptable Use Policy.
      3. Termination of employment
      4. Student discipline in accordance with applicable University Policies
      5. Civil or criminal penalties
    2. Report suspected violations of this Policy to聽infosec@umgc.edu, or to the appropriate Data Steward. Reports of violations are considered Confidential Data until otherwise classified.
    3. The University reserves the right to disconnect any resource from 兔子先生networks until suspected Security Incidents are resolved.
  7. Standards Referenced
    1. Most recent versions:
      1. USM IT Security Standards
      2. NIST SP 800-171 鈥淧rotecting Controlled Unclassified Information in Nonfederal Systems and Organizations鈥
      3. Cybersecurity Maturity Model Certification (CMMC)
  8. Related Policies
    1. 兔子先生Policy X-1.02 Data Classification
    2. 兔子先生Policy X-1.12 Acceptable Use
    3. 兔子先生Policy X-1.19A Account Management (兔子先生Learner Community)
    4. 兔子先生Policy X-1.19B Account Management (兔子先生Workforce)

By using our website you agree to our use of cookies. Learn more about how we use cookies by reading our聽Privacy Policy.