As a UMBC staff or faculty member, it is essential that you take appropriate steps to protect university information.
If you have any questions about devices you want to use or how to classify information, please contact the DoIT Security Department at security@umbc.edu.
It is better to ask before possibly causing an information breach.
Information Classification
The first step in understanding which devices can be used with which data is to understand the classification of the information you need to use with the device.
The four levels of information classification at UMBC are described through this FAQ: Information Classification at UMBC
Permitted Devices by Information Classification
The way that we need to secure the information depends on the level of the information. The higher the level, the more security we need to apply to the information. When trying to determine which types of device can be used with which types of information, please consult the following matrix.
The device must match the highest level of information on the device. For example, if a computer is regularly used with Level 1 information and has only a few Social Security numbers on it for a one-time task, the whole device must match the higher Level 2 requirements (due to the SSNs), or the SSNs must be removed from the computer.
It is always better to use a UMBC Owned Device or the UMBC Virtual Desktop Environment whenever possible, even with Level 0 and Level 1 Information.
Level 0 | Level 1 | Level 2 | Level 3 | |
---|---|---|---|---|
UMBC Owned Device | Yes | Yes | Yes** | Yes** |
UMBC Virtual Desktop Environment | Yes | Yes | Yes | No |
Employee Owned Device | Yes | Yes | No | No |
Public Device | Yes | No | No | No |
** The UMBC Owned Devices need to have particular security configurations and tools installed to be able to work with Level 2 and Level 3 information.
For information on using the UMBC Virtual Desktop Environment, please review the following FAQ: UMBC VDE