The School of Medicine takes computer and network security very seriously. We work closely with campus, FPI and UMMC to defend against threats. Our security policies comply with federal, state and University System requirements.
- Some security steps are yours alone to take.
- Select strong passwords.
- Never share passwords with others.
- Do not allow others to use your login accounts.
- Some measures are ours.
- Manage antivirus software updates.
- Manage critical operating systems patches.
- Monitor the network for signs of malicious data traffic
- A few things we do together.
- You contact the SOM Help Desk when a new computer arrives.
- You determine if the computer is behind the SOM firewall.*
- We configure it to comply with current security policies.
For questions about computer or network security, call the SOM Help Desk (6-3998).
* To determine if your computer is behind the SOM firewall, go to http://medschool.umaryland.edu/is/iprange.asp and read the assessment.
PDA and Mobile Security
What is sensitive information?
Information is considered sensitive in this context if it contains the identity of individuals, HIPAA protected health information (i.e., health information connected to any of 18 personal identifiers), or data which if released to the public would cause harm to the School of Medicine.
What is my responsibility to protect sensitive information?
Because of your employment and role in the School of Medicine, you have been entrusted by this organization or by other organizations to work with collections of sensitive information. It is your personal responsibility to take necessary precautions to keep that information confidential and secure when it is in your possession.
What precautions are necessary to protect sensitive information on portable devices?
Portable devices such as laptop or notebook computers and PDAs are easily lost or stolen. Portable devices containing sensitive information must remain under your control at all times. Each of these devices must at the very least be protected by a complex password supplied during device power-up, restart or awakening from hibernation.
Consult your local IT support provider or Help Desk for assistance to ensure your laptop/notebook computer is protected by power-up password-protection.
When these devices are not in use or in your personal possession, they must be physically secured to discourage theft. Examples of acceptable physical security for a laptop computer includes securing it via a metal tether cable to a desk or other substantial piece of furniture, placing it in a locked desk drawer or putting it in an in-room hotel safe.
There are many types of metal security cables available to tether laptop/notebook computers. To review the choices and to order one that best suits your needs, visit http://www.cdwg.com/ and search for "security lock".
What is mobile media?
Mobile media refers to any form of data storage that can be readily removed from a computer and moved to another computer or location. Examples of commonly used mobile media are CD/DVD ROMs, USB memory sticks, external disk drives, Zip disks and floppy disks.
What precautions are necessary to protect sensitive information on mobile media?
Physical security measures are helpful here as well. Make sure that mobile media remain under your control at all times. When not in use, they must be kept locked up and out of sight. In addition, sensitive information stored on mobile media must be encrypted to prevent unintended access. The School of Medicine is evaluating choices for data encryption on mobile media and portable devices. An announcement about approved products will be made later.
During the interim, password protect documents created by Microsoft Office 2003 or later versions that contain sensitive information. These include Word, Excel and Access files.