UMGC Policy X-1.17

Situational Awareness of Information Systems and Technology Resources

Policy Category Policy No. & Title Policy Owner Effective Date Revision Number Revision Eff. Date Review Cycle

X
Information Governance, Security & Technology

X-1.17
Situational Awareness of Information Systems and Technology Resources

VP of Information Security

July 15, 2021

N/A

N/A

Annual

  1. Purpose

    The purpose of this policy is to establish information security standards for the Situational Awareness processes relevant to University of Maryland Global Campus ("UMGC" or "University") Information Technology Resources.

  2. Scope and Applicability

    This policy applies to all University Information Systems and Information Technology Resources. All Users are responsible for adhering to this policy.

  3. Definitions

    Capitalized terms shall have the meaning ascribed to them herein and shall have the same meaning when used in the singular or plural form or any appropriate tense.

    1. Contractor: A person or a company that undertakes a contract to provide materials or labor to perform a service.

    2. Employee: University staff and faculty, including nonexempt, exempt, and overseas staff and collegiate faculty.

    3. Information: Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.

    4. Information System: Inter-related components of Information Technology Resources working together for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

    5. Information System Steward: A UMGC staff member or other individual providing services to the University who is responsible for the development, procurement, compliance, and/or final disposition of an Information System.

    6. Information Technology Resource: Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by UMGC directly or by a third party under a contract with UMGC which requires the use of such equipment. The term includes computers, mobile devices, software, firmware, services (including support services), and UMGC's network via a physical or wireless connection, regardless of the ownership of the Information Technology Resource connected to the network.

  4. Situational Awareness

    Information System Stewards or their designee must adhere to the University's Situational Awareness Policy when managing University Information Technology Resources by monitoring threats that may impact University Information Systems and Information.

    1. Information sharing forums and sources must be used to receive and respond to cyber threat intelligence and communicate to stakeholders.

  5. Exceptions

    Exceptions to this policy should be submitted to the VP of Information Security for review and approval. If an exception is requested a compensating control or safeguard should be documented and approved.

  6. Enforcement

    1. Any Employee, Contractor, or third-party performing duties on behalf of the University with knowledge of an alleged violation of this Policy shall notify the VP of Information Security as soon as practicable.

    2. Any Employee, Contractor, or other third-party performing duties on behalf of the University who violates this Policy may be denied access to Information Resources and may be subject to disciplinary action, up to and including termination of employment or contract or pursuit of legal action.

  7. Related Policies

    1. UMGC X-1.04 Information Security

    2. UMGC X-1.05 Information Security Awareness and Training

    3. UMGC X-1.06 Information Security Incident Response

    4. System and Communication Protection

    5. System and Information Integrity Policy

  8. Effective Date

    This policy is effective as of the date set forth above.