The University of Maryland | Office of the Comptroller



Dear University Community,The UMD Cybersecurity Task Force continues to help guide efforts to safeguard data campus wide. In accordance with recommendations outlined by the Task Force, the Division of Information Technology (DIT) will launch two efforts in the coming weeks that will aid in protecting sensitive and regulated data. Specifically, these initiatives will help accomplish the following:1. Identify vulnerabilities:A fundamental challenge in protecting data is identifying where it lives. To assist with this task, we have chosen a tool called Identity Finder -- software that scans computers for patterns that correspond to sensitive data, such as Social Security and credit card numbers. DIT recently completed these scans on its university-owned devices, and found computers that contained sensitive data. We have been working with IT directors across campus to test Identity Finder, and have executed test runs on the computers of members of the UMD IT Council Steering Committee.In the coming weeks, we will begin installing and running Identity Finder on all university-owned computers to identify where sensitive data resides, eliminate data that is not necessary to keep, and isolate, encrypt, and monitor data that must be retained for university purposes.Identity Finder is an awareness tool, not an enforcement tool, and you will control any actions taken. We are paying particular attention to sensitivities concerning privacy. More information, including FAQs, can be found at it.umd.edu/IdentityFinder.2. Protect passwords and access:Since passwords alone are increasingly ineffective at securing systems, UMD will implement multi-factor authentication (MFA), a measure that provides an additional layer of security when logging in or performing transactions online. UMD will implement this change using a tool called Duo Security, and will deploy MFA at the university on a system-by-system basis. Using multi-factor authentication for access to all critical systems that store sensitive data is a best practice, and will include using the traditional Directory ID and password login as well as a second factor, such as a smartphone app or token. We are going to start with UMD's Kuali Financial System shortly, and at that time will provide additional information, support, training and documentation.The Task Force also recommended extensive education in order to educate and implement "healthy" IT security behaviors, including: a. Check at spam@umd.edu before you click on a URL in an email asking for your ID/password b. Use UMD credentials only for UMD websites c. Securely configure networked equipment d. Store UMD sensitive data securely (regardless of the type of computing equipment) e. Back up UMD data on secure servicesI realize that these security efforts represent changes to the university environment. We are trying very hard to carefully balance the rapidly escalating IT risks the university faces with preserving an open campus environment that supports the university's mission. I welcome any feedback from the UMD community as we manage real risks and preserve our culture of openness and transparency.Dr. Eric DennaVice President for Information Technology and Chief Information Officer (CIO) University of Maryland, College Park ******************** This note was authorized for distribution to University of Maryland Faculty and Staff by: Vice President of IT and CIO ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download