About
Cybersecurity Assurance and Digital Trust performs cybersecurity operations activities for the campus. This includes event monitoring, incident response, vulnerability management, and security tool operations. Cybersecurity operations activities span both on-premises and cloud-based hosting environments.
Incident Response and Investigation
UMBC maintains a documented IT Incident Response Plan to address security incidents and protect operations. Under this plan, DoIT investigates and resolves incidents in critical systems using audit trails, monitoring, and forensic investigations. For routine cybersecurity events and incidents, Cybersecurity Assurance and Digital Trust maintains a library of incident response playbooks. If you believe a cybersecurity incident has occurred, please contact security@umbc.edu. For immediate assistance, call 410-455-3933, or on campus dial extension 53933.
Protection from malware and phishing attacks
UMBC employs a robust, multi-layered security approach to safeguard its community from malware and phishing attacks. This includes technical measures such as endpoint protection, network security with intrusion prevention and filtering, and proactive vulnerability scanning. Additionally, UMBC uses advanced email scanning and threat detection, and provides security awareness training to educate the community about these threats. These measures, along with incident response planning, contribute to a safer computing environment for students, faculty, and staff. For concerns about malware or phishing, please contact security@umbc.edu. For immediate assistance, call 410-455-3933, or on campus dial extension 53933.
Logging and Event Monitoring
UMBC maintains system logging at multiple levels of its systems and applications to capture critical events such as login activity. Audit trails are implemented to record significant system events and transactions, particularly those involving sensitive data and administrative actions. To actively monitor for threats and unusual activity, UMBC uses tools such as a SIEM, intrusion prevention systems, and URL filtering with DNS sinkholing. To onboard logs into UMBC's SIEM for monitoring, please contact security@umbc.edu.
Vulnerability Management
UMBC proactively manages vulnerabilities through several key processes. External vulnerability scans are conducted on internet-facing IP addresses, with results analyzed and remediation tracked via RT tickets, especially for critical and high-severity findings. Additionally, UMBC performs quarterly vulnerability scans on institutionally managed high-risk servers and network devices, and has documented processes for the timely deployment of operating system and application patches on endpoints and network devices, prioritized according to risk assessments. These efforts aim to minimize exposure to known security weaknesses. Ad-hoc vulnerability scans are also offered and can be coordinated by contacting security@umbc.edu.
Software and Cloud Reviews
To ensure compliance with cybersecurity requirements set by the State of Maryland and the University System of Maryland (USM), DoIT reviews the cybersecurity controls of software and cloud service procurements. For software and cloud services processing Level 0 and Level 1 data, DoIT assesses control design, typically through review of a Higher Education Community Vendor Assessment Toolkit (HECVAT) questionnaire. For software and cloud services processing Level 2 and Level 3 data (including regulated data), DoIT reviews both control design and control operation. Control operation is evaluated through review of third-party assessments such as a SOC 2 or Risk and Authorization Management Program (RAMP) report. DoIT also reviews the vendor's privacy policy as part of this review. These reviews are initiated through the PAW system.