With this special edition of ITforUM, our goal is to update you about several important IT security initiatives that are underway. The Office of Information Technology continues to aggressively pursue a safer and more secure computing environment for the university, and we have developed a comprehensive plan to increase the scope of campus IT security procedures.

The current security measures, including encryption, firewalls, intrusion detection, and password protection, are designed to protect sensitive data and information. For instance, Web browser access to critical university systems (e.g. faculty and staff completing electronic timesheets or students using Testudo) is secured.

Section 12-112 of the Education Article of the Maryland Code requires the University System of Maryland (USM) to develop IT policies and standards that are functionally compatible with the IT policies of the state government. To that end, the security officers of the USM institutions have developed a document entitled, “Guidelines in Response to the State IT Security Policy.” This document, which has been accepted by the state’s Office of Legislative Audits, describes the steps that must be taken to be compliant with the state’s IT policies.

Through cooperation with state and USM auditors, OIT has set in motion plans to meet or exceed the requirements of the “Guidelines” to ensure the security of university IT resources. The successful implementation of these additional layers of security, however, will require sacrifices by the campus community in the area of convenience:

• Passwords must be changed every 90 days. There will also be additional requirements for password length and complexity. Please see the article on passwords in this edition (link).
  
  
• Wireless access points that do not use the university’s authentication service, such as those purchased by students and those in other campus locations may be turned off.
  
  
• Increased security around our critical systems will necessitate the use, in some cases, of virtual private networking software, or additional login screens. Please see the article on virtual private networks in this edition (link).
  

More information about these upcoming security requirements will be forthcoming.

OIT professionals have been, and will continue to be, actively engaged in addressing the difficult and ever-changing security issues facing the university to enhance the safekeeping of personal information and sensitive data. With the combined efforts of OIT staff, state officials, and the university community, we expect to have the next iteration of an enhanced security environment in place by the beginning of the fall 2006 semester.