The University of Massachusetts Amherst (UMass Amherst) has established a set of information technology policies to ensure the security and integrity of online data. These policies are designed to protect the university's computer systems, networks, and data from unauthorized access, use, disclosure, modification, or destruction. The UMass Amherst information technology policies for data security online are based on industry best practices and compliance with federal and state regulations.
Data Security Policy Overview
The UMass Amherst data security policy is guided by the principle of protecting sensitive information and ensuring the confidentiality, integrity, and availability of university data. The policy applies to all members of the university community, including faculty, staff, students, and affiliates. It covers all university-owned or managed computer systems, networks, and data, as well as personally owned devices used to access university resources.
Data Classification
UMass Amherst classifies data into four categories: public, internal, sensitive, and restricted. Public data is information that is openly available to the public, such as university news and events. Internal data is information that is intended for internal use only, such as employee directories and departmental budgets. Sensitive data includes personally identifiable information (PII), financial information, and other data that requires special handling and protection. Restricted data is highly sensitive information that is subject to specific laws and regulations, such as student education records and healthcare information.
| Data Classification | Description | Examples |
|---|---|---|
| Public | Openly available to the public | University news, events, and publications |
| Internal | Intended for internal use only | Employee directories, departmental budgets |
| Sensitive | Personally identifiable information (PII), financial information, and other special handling data | Social Security numbers, credit card numbers, student grades |
| Restricted | Highly sensitive information subject to specific laws and regulations | Student education records, healthcare information, financial aid records |
Access Control and Authentication
UMass Amherst implements various access control and authentication measures to protect university data and systems. These measures include multi-factor authentication, which requires users to provide two or more verification factors, such as a password and a code sent to their phone or a biometric scan. The university also uses role-based access control, which grants access to systems and data based on a user鈥檚 role or job function.
Network Security
The UMass Amherst network is protected by a range of security measures, including firewalls, intrusion detection and prevention systems, and encryption. The university also implements secure protocols for remote access, such as VPN (Virtual Private Network) connections.
UMass Amherst has a incident response plan in place to respond to security incidents, such as data breaches or system compromises. The plan includes procedures for containment, eradication, recovery, and post-incident activities.
What are the consequences of violating UMass Amherst data security policies?
+Violating UMass Amherst data security policies can result in disciplinary action, up to and including termination of employment or expulsion from the university. Additionally, individuals may be subject to civil or criminal penalties for violating federal or state laws related to data security.
How can I report a suspected data security incident?
+If you suspect a data security incident, such as a phishing attempt or a lost or stolen device, you should immediately report it to the UMass Amherst Information Technology department. You can submit a report online or contact the IT help desk for assistance.
UMass Amherst is committed to protecting the security and integrity of university data. By following the university鈥檚 information technology policies and procedures, members of the university community can help ensure the confidentiality, integrity, and availability of university information.
