
Research Cybersecurity

Cybersecurity and risk management are shared responsibilities across campus. As individuals entrusted with our academic and research mission, we must work fearlessly forward to bridge gaps and ensure we are collectively protecting the cyberinfrastructure of all research conducted at the University of Maryland. The research community often faces unique challenges and security compliance requirements that we want to help alleviate through collaboration and facilitation.

DIT’s Research Computing Cybersecurity Program

The Research Computing team's Research Cybersecurity program aims to encourage researchers to take control of their data, understand their implementation of security controls, assess security risks, and adopt an overall better security posture across UMD's research community. The program clarifies which services are centrally managed and which responsibilities fall to individuals.

Facilitators can help researchers understand additional factors that affect their research and the security of their data.

“The CUIE system has helped our team meet secure data storage requirements and has been far more convenient than a traditional cold room. We greatly appreciate the CUIE team's expertise in navigating the technical and legal challenges to storing and accessing restricted data.” 

-Heide Jackson, Assoc Research Professor, BSOS-Maryland Population Research Center


The Quick Fives

Five steps UMD researchers can take to improve cybersecurity, protect confidential information, and prevent data loss:

  1. Use campus email for university business (IT-14: Standard on Institutional Email), always check the sender's address, and be suspicious of unfamiliar links.
  2. Back up your data and store offline copies.
  3. Use UMD-owned devices with the campus anti-malware solution (FireEye), or use the UMD Virtual Workspace.
  4. Automatically install updates on your devices.
  5. Use UMD Box to collaborate on high-risk data. Use Secure Share to send messages and files containing sensitive information.

Five steps UMD researchers with servers and lab equipment can take to improve cybersecurity, protect confidential information, and prevent data loss:

  1. Back up your data and store offline copies.
  2. Use UMD-owned devices with the campus anti-malware solution (FireEye).
  3. Automatically install updates on your servers and periodically scan them for vulnerabilities.
  4. Use Duo Multi-Factor Authentication to access your servers, and contact DIT for help setting up network firewalls.
  5. Limit, monitor, and log physical access to your server facilities.

IT Managers/System Security Officers: Review the IT-5 Checklist (Standard on the Security of Information Technology Resources) and ensure your systems are meeting campus standards.


Restricted Research Data: Some data types require specific controls and processes for their protection. Contact it-compliance@umd.edu or it-research-consult@umd.edu for assistance if your research involves such data.

Prevent data loss and harm to the university by following best practices, documenting your security-focused implementations, and sharing your contact information with us so we can reach you when there are cybersecurity threats to our campus and data. DIT provides various cybersecurity tools and services that you can use to secure your systems. The practices below are based on the guidelines in NIST SP 800-171, UMD IT-4: Standard for Protecting Sensitive Information, and UMD IT-5: Standard on the Security of Information Technology Resources.


Research Cybersecurity Toolkit

DIT Resources for Data Management Plans
Data Risk Guide to Commonly Used DIT Services

Data Protection

Key Tools: Code42 Workstation Backups, Spectrum Protect, Secure Share, Storage Device Destruction, OneTrust, InCommon Certificates

  • Fully understand the sensitivity of the function or operation being supported by the system and the data being stored or manipulated on the system.
  • Encrypt stored sensitive data wherever possible to minimize disclosure if the system is compromised, and ensure that encrypted sensitive data can still be recovered (for example, that keys are backed up).
  • Encrypt sensitive data transmitted to and from the system so that it is protected in transit.
  • Securely remove data from media once the data or device is no longer required, to prevent unauthorized disclosure. Physical drive destruction is a very effective method.
  • Provide protection of scientific data from ransomware and other data integrity attack mechanisms.
  • Control any non-public information posted or processed on publicly accessible information systems.

System Security

Key Tools: MECM, Nexpose, FireEye, Firewalls, InCommon Certificates

  • Do not run operating systems or software for which security support is no longer provided. If you must, strictly limit network access to those systems.
  • Proactively seek out and apply vendor-supplied fixes for security vulnerabilities, within a time frame commensurate with the level of risk.
  • Remove or disable unneeded services and software, especially those that are network accessible.
  • Unless a system is on a private network, scan it for security vulnerabilities at least monthly so that new vulnerabilities are promptly identified and addressed. Scans should also be conducted:
    • Immediately after installation or configuration of a new system is completed.
    • Immediately after introduction of a new operating system or an upgrade to an existing operating system.
    • Immediately after installation or upgrade of networking or other system software.
  • Install and maintain anti-virus software on operating systems for which the university has licensed such software, and keep its virus pattern files current.
  • Subscribe to vendor and other advisory services applicable to the operating environment being maintained.
  • Stay current on security issues that affect the university environment by joining the UTCC community of practice and visiting the security section of the DIT website.
  • Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
  • Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
  • Identify, report, and correct information and information system flaws in a timely manner.
  • Provide protection from malicious code at appropriate locations within organizational information systems.
  • Update malicious code protection mechanisms when new releases are available.
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

Access Control

Key Tools: CAS, Active Directory, Duo, InCommon Certificates, MECM, Admin accounts

  • Ensure that IT resources are secured against theft and systems holding sensitive data are protected from unauthorized physical access.
  • Deploy encrypted communications methods for secure access to the system.
  • Where technically possible, only allow legitimate and authorized network access to systems.
  • Require all users to be identified and authenticated before access is allowed.
  • Perform day-to-day work as a non-privileged user and only use privileged accounts for tasks that require additional capabilities.
    • How to comply:
      • Create non-privileged accounts for all users.
      • Create separate accounts for users who need additional privileges, and instruct them to use those accounts only for tasks that require the additional privileges.
  • Ensure that all accounts require a password. When technically feasible, utilize CAS (Central Authentication Service) for authentication to leverage central account management and multi-factor authentication.
  • Where technically practicable, use multi-factor authentication for privileged access to servers, applications, and network infrastructure.
  • Ensure that reusable passwords are never sent over the network in clear text.
    • How to comply:
      • Enable TLS (SSL) or other encryption capabilities on every service that accepts passwords.
      • TLS/SSL certificates can be requested free of charge from the IT Service Catalog.
  • Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
  • Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
  • Verify and control/limit connections to and use of external information systems.
  • Identify information system users, processes acting on behalf of users, or devices.
  • Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

Accountability

Key Tools: Splunk, Cybersecurity Training

  • If a system is capable of it, log the following system activities. Work with DIT to determine whether these logs are good candidates for inclusion in the centralized Splunk enterprise logging solution: [IA.1.076]
    • Successful user logins, including the location from which the logins originated.
    • Unsuccessful login attempts, including the location from which the attempts originated.
    • Unsuccessful file access attempts.
    • Successful file accesses for files and databases containing sensitive data.
  • The following activities must be reported immediately to the DIT IT Security Office (301-226-4225):
    • Suspected or actual security breaches of university information or of information systems.
    • Systematic unsuccessful attempts to compromise information.
    • Suspected or actual weaknesses in the safeguards protecting university information or information systems.
    • Missing or stolen equipment. Such incidents must also be reported to University Police.
  • Provide regular cybersecurity awareness training for authorized users of information systems, including training in recognizing and responding to social engineering threats and breaches.
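The logging checklist above asks for successful logins with their source, unsuccessful attempts with their source, and reporting of systematic unsuccessful attempts. The following is an added illustration, not code from DIT or the page: it reviews constructed OpenSSH auth-log lines and produces exactly those two views, plus the list of sources whose repeated failures warrant a report to the IT Security Office. The log lines, host name and threshold are all constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH auth-log format; not taken from any real system.
SAMPLE_LOG = """\
Mar  3 08:01:12 lab-srv sshd[2101]: Accepted publickey for alice from 10.20.30.40 port 51022 ssh2
Mar  3 08:02:45 lab-srv sshd[2130]: Failed password for invalid user admin from 203.0.113.7 port 40011 ssh2
Mar  3 08:02:47 lab-srv sshd[2130]: Failed password for invalid user admin from 203.0.113.7 port 40011 ssh2
Mar  3 08:02:49 lab-srv sshd[2134]: Failed password for root from 203.0.113.7 port 40012 ssh2
Mar  3 08:02:51 lab-srv sshd[2136]: Failed password for root from 203.0.113.7 port 40013 ssh2
Mar  3 08:02:53 lab-srv sshd[2138]: Failed password for invalid user test from 203.0.113.7 port 40014 ssh2
Mar  3 08:15:00 lab-srv sshd[2201]: Failed password for bob from 10.20.30.41 port 51100 ssh2
Mar  3 08:15:09 lab-srv sshd[2201]: Accepted password for bob from 10.20.30.41 port 51100 ssh2
""".splitlines()

# Matches both "Accepted <method> for <user> from <src>" and "Failed <method> for [invalid user] <user> from <src>".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_auth_line(line):
    """Return (result, user, source) for an sshd auth event, or None for other lines."""
    m = AUTH_RE.search(line)
    if not m:
        return None
    return m.group("result"), m.group("user"), m.group("src")

def summarize_logins(lines):
    """Successful logins as user -> set of sources; failed attempts counted per source."""
    accepted = defaultdict(set)
    failed = Counter()
    for line in lines:
        parsed = parse_auth_line(line)
        if parsed is None:
            continue  # not an authentication event; ignore
        result, user, src = parsed
        if result == "Accepted":
            accepted[user].add(src)
        else:
            failed[src] += 1
    return accepted, failed

def systematic_failures(failed, threshold=5):
    """Sources at or above the failure threshold: candidates for the 'systematic attempts' report."""
    return sorted(src for src, n in failed.items() if n >= threshold)

if __name__ == "__main__":
    acc, fail = summarize_logins(SAMPLE_LOG)
    print(dict(acc), systematic_failures(fail))
```

The threshold of five failures is a constructed starting point; in a Splunk deployment the same grouping by source would be expressed as a search over the forwarded logs rather than run locally.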

How to Implement
Use Splunk log management software:

  • Request Splunk log management by emailing splunk-admins@umd.edu. Logs can be reviewed in the Splunk Web UI.
  • Complete Defend Your Shell training. Additional training is available through LinkedIn Learning.

Contact

Division of IT, Research Computing 
it-research-consult@umd.edu
