About
Cybersecurity Assurance and Digital Trust performs cybersecurity operations activities for the campus. This includes event monitoring, incident response, vulnerability management, and security tool operations. Cybersecurity operations activities span both on-premises and cloud-based hosting environments.
Incident Response and Investigation
UMBC maintains a documented IT Incident Response Plan to address security incidents and protect operations, with DoIT investigating and resolving incidents in critical systems using audit trails, monitoring, and forensic investigations. For routine cybersecurity events and incidents, Cybersecurity Assurance and Digital Trust maintains a library of incident response playbooks. If you believe a cybersecurity incident has occurred, please contact security@umbc.edu or, for immediate assistance, call 410-455-3933, or extension 53933 on campus.
Protection from malware and phishing attacks
UMBC employs a robust, multi-layered security approach to safeguard its community from malware and phishing attacks. This includes technical measures like endpoint protection, network security with intrusion prevention and filtering, and proactive vulnerability scanning. Additionally, UMBC utilizes advanced email scanning and threat detection and provides security awareness training to educate the community about these threats. These measures, along with incident response planning, contribute to a safer computing environment for students, faculty, and staff. For concerns about malware or phishing, please contact security@umbc.edu or, for immediate assistance, call 410-455-3933, or extension 53933 on campus.
Logging and Event Monitoring
UMBC maintains system logging at various levels of systems and applications to capture critical events like login activity. Audit trails are implemented to record significant system events and transactions, particularly those involving sensitive data and administrative actions. To actively monitor for threats and unusual activity, UMBC utilizes tools like SIEM, intrusion prevention systems, and URL filtering/DNS sinkholing. To onboard logs into UMBC’s SIEM for monitoring, please contact security@umbc.edu.
Vulnerability Management
UMBC proactively manages vulnerabilities through several key processes. External vulnerability scans are conducted on internet-facing IP addresses, with results analyzed and remediation tracked via RT tickets, especially for critical and high-severity findings. Additionally, UMBC performs quarterly vulnerability scans on institutionally managed high-risk servers and network devices, and has documented processes for the timely deployment of operating system and application patches on endpoints and network devices based on risk assessments. These efforts are informed by risk assessments and aim to minimize exposure to known security weaknesses. Ad-hoc vulnerability scans are also offered and can be coordinated by contacting security@umbc.edu.