|Policy Category||Policy No. & Title||Policy Owner||Effective Date||Revision Number||Revision Eff. Date||Review Cycle|
Information Governance, Security & Technology
Situational Awareness of Information Systems and Technology Resources
|VP of Information Security||July 15, 2021||N/A||N/A||Annual|
The purpose of this policy is to establish information security standards for the Situational Awareness processes relevant to University of Maryland Global Campus ("UMGC" or "University") Information Technology Resources.
Scope and Applicability
This policy applies to all University Information Systems and Information Technology Resources. All Users are responsible for adhering to this policy.
Capitalized terms shall have the meaning ascribed to them herein and shall have the same meaning when used in the singular or plural form or any appropriate tense.
Contractor: A person or a company that undertakes a contract to provide materials or labor to perform a service.
Employee: University staff and faculty, including nonexempt, exempt, and overseas staff and collegiate faculty.
Information: Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.
Information System: Inter-related components of Information Technology Resources working together for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
Information System Steward: A UMGC staff member or other individual providing services to the University who is responsible for the development, procurement, compliance, and/or final disposition of an Information System.
Information Technology Resource: Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by UMGC directly or by a third party under a contract with UMGC which requires the use of such equipment. The term includes computers, mobile devices, software, firmware, services (including support services), and UMGC's network via a physical or wireless connection, regardless of the ownership of the Information Technology Resource connected to the network.
Information System Stewards or their designee must adhere to the University's Situational Awareness Policy when managing University Information Technology Resources by monitoring threats that may impact University Information Systems and Information.
Information sharing forums and sources must be used to receive and respond to cyber threat intelligence and communicate to stakeholders.
Exceptions to this policy should be submitted to the VP of Information Security for review and approval. If an exception is requested a compensating control or safeguard should be documented and approved.
Any Employee, Contractor, or third-party performing duties on behalf of the University with knowledge of an alleged violation of this Policy shall notify the VP of Information Security as soon as practicable.
Any Employee, Contractor, or other third-party performing duties on behalf of the University who violates this Policy may be denied access to Information Resources and may be subject to disciplinary action, up to and including termination of employment or contract or pursuit of legal action.
UMGC X-1.04 Information Security
UMGC X-1.05 Information Security Awareness and Training
UMGC X-1.06 Information Security Incident Response
System and Communication Protection
System and Information Integrity Policy
This policy is effective as of the date set forth above.