Cybersecurity Data

To ensure UMBC systems remain safe and secure, the Division of Information Technology (DoIT) monitors system activity for anomalous behavior, and routinely scans systems for sensitive data and vulnerabilities.

User information

Your user id, login time, and login location.

Device information

IP address, device type, operating system, and user-agent strings.

Usage information

Session identifiers, programs run or network connections made.

Usage content

This is limited to connections to UMBC applications and networks, and UMBC device activity.

Logging Information

We log all interactions.

Data Identified as Sensitive

Discovery of data on UMBC assets that match patterns for Social Security Numbers (SSN) and credit card numbers.

 

Vulnerability Management

When we assess what systems are vulnerable and need to be updated.

Sensitive Data Protection

When we check for possible SSNs and credit card numbers stored unnecessarily or in inappropriate places.

IT Security Incident Detection and Response

When we identify suspicious processes and programs, as well as malicious internet connections.

Approved Investigations

When we support legal investigations and institutional efforts to protect the safety, property, or rights of the university, its community members and guests.

Collection, access to and use of cybersecurity data is governed by the UMBC Privacy Policy and Privacy Governance Program, the IT Security Policy, and relevant security procedures and guidelines.

 

Automatically

All cybersecurity data is collected electronically via automated processes in the following circumstances:

  • Ingress and egress traffic within the UMBC network environment is logged.
  • All authentication events (e.g., success and failure) are captured.
  • Endpoints and cloud services are monitored via endpoint and cloud access security solutions.
  • Computers in Sensitive Departments are scanned weekly for social security numbers and credit card numbers.

 

 

UMBC shares cybersecurity data with authorized service providers that provide cybersecurity services to the university. Authorized service providers, such as Checkpoint and Cisco, are contractually required to maintain adequate security and only use data entrusted to them for providing services on the university’s behalf.

Additionally, UMBC may share cybersecurity information when required by law, or in order to protect the safety, property, or rights of the university, its community members, and guests. This is done in accordance with the UMBC Privacy Policy and Privacy Governance Program, the IT Security Policy, and relevant procedures and guidelines.

 

UMBC does not share your personally identifiable location data with third parties. In matters where outside parties are requesting information pertaining to the health, safety, or where legally required, the Office of General Counsel will review the request and give DoIT guidance.

Internally to UMBC, in consultation with the Office of General Counsel, will assist the UMBC Department of Public Safety with WiFi information to address  health, safety, legal cases, or ongoing theft investigations.  Similarly, with regard to student conduct or academic integrity questions, the chair of the UMBC Academic Integrity Committee or the Director of Student Judicial Conduct may submit specific written questions that the DoIT security team will answer in writing. DoIT does not share data directly with these groups.

 

Submit a Privacy Request Form

If you would like to review, correct, or request the deletion of your personal data held by UMBC, or opt-out of third party sharing, please fill out our Privacy Request Form and follow the instructions. This form ensures that your request is processed promptly and in accordance with privacy regulations. Our team will review your submission and respond as soon as possible. For any questions or assistance, please contact our privacy office at privacy@UMBC.edu.