To ensure UMBC systems remain safe and secure, the Division of Information Technology (DoIT) monitors system activity for anomalous behavior, and routinely scans systems for sensitive data and vulnerabilities.
What Cybersecurity Data We Collect
User information
Your user id, login time, and login location.
Device information
IP address, device type, operating system, and user-agent strings.
Usage information
Session identifiers, programs run or network connections made.
Usage content
This is limited to connections to UMBC applications and networks, and UMBC device activity.
Logging Information
We log all interactions.
Data Identified as Sensitive
Discovery of data on UMBC assets that match patterns for Social Security Numbers (SSN) and credit card numbers.
How We Use Cybersecurity Data We Collect
Vulnerability Management
When we assess what systems are vulnerable and need to be updated.
Sensitive Data Protection
When we check for possible SSNs and credit card numbers stored unnecessarily or in inappropriate places.
IT Security Incident Detection and Response
When we identify suspicious processes and programs, as well as malicious internet connections.
Approved Investigations
When we support legal investigations and institutional efforts to protect the safety, property, or rights of the university, its community members and guests.
Collection, access to and use of cybersecurity data is governed by the UMBC Privacy Policy and Privacy Governance Program, the IT Security Policy, and relevant security procedures and guidelines.
How Do We Collect Cybersecurity Data
Automatically
All cybersecurity data is collected electronically via automated processes in the following circumstances:
- Ingress and egress traffic within the UMBC network environment is logged.
- All authentication events (e.g., success and failure) are captured.
- Endpoints and cloud services are monitored via endpoint and cloud access security solutions.
- Computers in Sensitive Departments are scanned weekly for social security numbers and credit card numbers.
How Do We Share Cybersecurity Data
UMBC shares cybersecurity data with authorized service providers that provide cybersecurity services to the university. Authorized service providers, such as Checkpoint and Cisco, are contractually required to maintain adequate security and only use data entrusted to them for providing services on the university’s behalf.
Additionally, UMBC may share cybersecurity information when required by law, or in order to protect the safety, property, or rights of the university, its community members, and guests. This is done in accordance with the UMBC Privacy Policy and Privacy Governance Program, the IT Security Policy, and relevant procedures and guidelines.