Skip Navigation
University of Maryland Global Campus University of Maryland Global Campus
  • Locations
    • U.S. Locations
    • UMGC Asia
    • UMGC Europe
    • Learn Online
  • Get Help
    • Find Answers
    • Chat Now
    • Email Us
  • 855-655-8682
  • Current Students
Login
Request Info
Apply Now
  • Leadership & Governance
    Leadership & Governance
    • Office of the President
    • Strategic Plan
    • Boards and Committees
    • Executive Committee
    • Maryland Cybersecurity Council
    • Shared Governance
    • Academic Advisory Board
    • Adjunct Faculty Association
    • Student Advisory Council
    Related Links
    • Awards and Recognition
    • Mission and History
    • Regional Accreditation
    • University System of Maryland Membership
  • Arts
    Arts
    • Arts Program
    • Art Exhibitions
    • Art Collections
    • Art Talks
    • Art Galleries and Hours
    • UMGC TV
  • Policies & Reporting
    Policies & Reporting
    • Institutional Data
    • Facts at a Glance
    • Fact Book and Fact Sheet Archive
    • Policies
    • Academic Affairs Policies
    • Administration Policies
    • External Relations Policies
    • Faculty Policies
    • Fiscal and Business Affairs Policies
    • General Policies
    • Human Resources Policies
    • Info Governance, Security & Technology Policies
    • Research Policies
    • Student Affairs Policies
    • Fair Practices
    • Sexual Misconduct (Title IX)
    • Suspected Child Abuse and Neglect
  • Jobs At UMGC
    Jobs At UMGC
    • Apply for a Job
    • Who We Are
    • Culture
    • Faculty Careers
    • Professional Careers
    • Benefits
    • Careers FAQs
    • Community Engagement
    • New Hire Orientation
    • New Hire Onboarding
    • Benefits Enrollment Information
    • Retirement Enrollment Information
  • UMGC Blog
  • UMGC Podcast
    • U.S. Locations
    • UMGC Asia
    • UMGC Europe
    • Learn Online
    • Find Answers
    • Chat Now
    • Email Us
  • 855-655-8682
  • Current Students
Request Info
Apply Now
Skip to Menu Toggle Button

UMGC Policy X-1.18 UMGC Policy on Information Security Risk Management

  1. University of Maryland Global Campus
  2. Administration
  3. Policies & Reporting
  4. Policies
  5. Info Governance, Security, & Technology Policies
  6. UMGC Policy on Information Security Risk Management

EXPLORE MORE OF UMGC

  • Administration
    • Policies & Reporting
      • Policies
        • Info Governance, Security, & Technology Policies
Policy CategoryPolicy OwnerVersion Effective DateReview CyclePolicy Contact
X. Information Governance, Security & TechnologySVP, General Counsel, and Chief People OfficerOct. 31, 2023Every 3 yearsInformation Governance
  1. Purpose
    This policy establishes the requirements for the identification and assessment of Information Security related risks facing UMGC ("University") to inform decision-making regarding risk tolerance and acceptance. This policy supports the UMGC Policy on Enterprise Risk Management and the University System of Maryland (USM) IT Security Standards by further establishing standards related to Information Security risk assessment procedures and mitigation strategies.
  2. Scope and Applicability
    This policy applies to all Users of UMGC Information Resources.
  3. Definitions
    Defined terms are capitalized throughout this Policy and can be found in the Information Governance Glossary.
  4. Information Security Risk Management
    1. The Information Security Office shall establish an Information Security Risk Management Program to identify Information Security related risks and implement procedures to address and manage the risks.
      1. Risk management procedures shall include risk analysis, risk treatment, risk communication, risk monitoring, review, and signoff.
    2. Periodic Information Security risk assessments will be performed to determine areas of vulnerability and to initiate appropriate remediation. These assessments will evaluate risk related to administrative, physical, and technical operational areas to include Critical Information Systems (CIS). Risk assessments shall include:
      1. A list of systems and other services defined as "high-risk" by the institution;
      2. A description of potential risks;
      3. Potential remediation plans of actions and milestones (POA&Ms);
      4. An explanation of residual risks; and
      5. Sign-off by the Sr. Director of Information Security once actions regarding risk mitigation or acceptance have been completed.
    3. All Information Systems must be assessed for risk to the University prior to purchase of, or significant changes to systems that store, process, or transmit data.
    4. Employees and Contractors shall provide support during Information Security risk assessments when applicable to their University business areas to include, but not limited to, being interviewed, providing relevant artifacts, and assisting in the remediation of identified risks.
    5. The Information Security Governance Committee (ISGC) will convene periodically to review the results of the risk assessments and to determine the disposition of potential risks.
  5. Exceptions
    Exceptions to this policy should be submitted to Information Security for review and approval.
  6. Enforcement
    1. Any Employee, Contractor, or third-party performing duties on behalf of the University with knowledge of an alleged violation of this Policy shall notify Information Security as soon as practicable.
    2. Information System Stewards in consultation with the Office of Human Resources may instruct Access Account Managers, or other appropriate personnel to confiscate, temporarily suspend, or terminate Users' access to Information Resources while investigating an alleged violation of this Policy.
    3. Any Employee, Contractor, or other third-party performing duties on behalf of the University who violates this Policy may be denied access to Information Resources and may be subject to disciplinary action, up to and including termination of employment or contract.
  7. Standards Referenced
    1. USM IT Security Standards, v.5, dated July 2022
    2. NIST SP 800-171r2 "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations," dated February 2020
    3.  Cybersecurity Maturity Model Certification (CMMC), v.2.0, dated December 2021
  8. Related Policies
    1. UMGC Policy VIII-20.01 Enterprise Risk Management
    2. UMGC Policy X-1.02 Data Classification
    3. UMGC Policy X-1.04 Information Security
    4. UMGC Policy X-1.05 Information Security Awareness & Training
    5. UMGC Policy X-1.12 Acceptable Use
    6. UMGC Policy X-1.19A Account Management (Learner Community)
    7. UMGC Policy X-1.19B Account Management (Workforce)
  9. Version Effective Date
    This policy is effective as of the date set forth above and supersedes all prior policies on the subject matter hereof.
Request Info
Apply Now
Quick Links
  • Academic Calendar
  • Schedule of Classes
  • Submit Transcripts
  • Request Transcripts
  • Library
  • Events
  • News
  • Administration
  • University Store
  • FERPA
UMGC For
  • Prospective Students
  • Military & Veterans
  • Current Students
  • Partners
  • Alumni
  • Donors
  • Media
  • Job Seekers
Contact Us

855-655-8682
Help Center
More Contact Options
Social Links

Mailing Address
No classes or services at this location
3501 University Blvd. East,
Adelphi, MD 20783

  • Academic Calendar
  • Schedule of Classes
  • Submit Transcripts
  • Request Transcripts
  • Library
  • Events
  • News
  • Administration
  • University Store
  • FERPA
  • Prospective Students
  • Military & Veterans
  • Current Students
  • Partners
  • Alumni
  • Donors
  • Media
  • Job Seekers

855-655-8682
Help Center
More Contact Options
Social Links

Mailing Address
No classes or services at this location
3501 University Blvd. East,
Adelphi, MD 20783

University of Maryland Global Campus
UMGC is a proud member of the University System of Maryland.
Accessibility Terms & Conditions Consumer Disclosures & Policies Privacy Policy Social Media Guidelines Media Protection Title IX/Sexual Misconduct Report Fraud, Waste & Abuse Sitemap
The appearance of U.S. Department of Defense visual information does not imply or constitute DOD endorsement.
Copyright © 2025 University of Maryland Global Campus. All Rights Reserved.

By using our website you agree to our use of cookies. Learn more about how we use cookies by reading our Privacy Policy.

|