Overview

The Information Security Office oversees activities to identify, detect, protect, respond to and recover from adverse information security events that might affect the University or its employees.

Under the direction of the Chief Information Security Officer, the Information Security Office applies technologies and practices to mitigate and manage risks to University information and information systems. The office promotes, plans for, and guides the safe use of information and information technology, as it integrates into every aspect of the University of Maine System mission.

The office builds awareness of cyber threats, appropriate behavior, and tools and practices in protecting our information assets.

Faculty, staff and students can find information and guidance by visiting the Information Security page in the UMS Portal (login will be required).

[Back to Top]


Awareness

The Information Security Office provides security  awareness and training to University employees.  

  • Annual awareness training is provided through the compliance track of the UMS Academy, which is available through the my campus portal.
  • Roles-based or auxiliary trainings are provided on an as needed basis.
  • Articles, notices and security reminders are sent via Information Security Newsletters, Information Security Alert messages, the US:IT Newsletter and other forms and campaigns.

[Back to Top]


Policy, Standards & Guidance

The objective of the information security policy is for the Board of Trustees to convey their direction for the appropriate use and protection of UMS information assets and to specify the requirements for protecting those assets.

Auxiliary Standards and guidance support the Policy, and explain and specify a required level of attainment. 

Policy & Standards:

Information Security Policy (Sect. 901) 

Information Security Standards 

Administrative Practices Letters:

Employee Protection of Data APL (See Section VI-C)

Information Security Incident Response APL (See Section VI-B)

Credit/Debit Card Standards APL (See Section IV-F)

Directives & Guidance:

Acceptable Use Policy

Teaching Standards for Safeguarding Information (login required)

Contract Standards for Safeguarding Information (Attachment/Rider C) (login required)

 Other guidance is available on the Information Security page of the My Campus portal (login required).

[Back to Top]


Incidence Response

Actual or suspected information security incidents must be reported. Timely reporting is a necessity for effective response and remediation. In many cases, reporting, response, and remediation are required by regulation, statute, contract, or other University obligation. 

Generally, incidents may be reported through your campus Help Desk. For incidents that you deem have a high scope, impact, or sensitivity, you may seek guidance through a trusted manager or the Information Security Office. Full directives and guidance may be found in the Information Security Incident Response Administrative Practice Letter, APL VI-B.   

Phishing is fraudulent attempts to gain access to your credentials, University or personal information, account or financial information, or other information of value. Phishing presents a serious and ongoing threat to the University; and is the primary method by which malicious actors and technology are introduced into our environment. The Information Security Office has created a special reporting mechanism for suspected or actual Phish attacks: you may email  phish@maine.edu

[Back to Top]


Contact Information

Telephone: 207-581-9105 (8am-5pm Monday – Friday)

Email: infosecurity@maine.edu

  • John Forker – Chief Information Security Officer
  • Troy Jordan – Senior Cyber-Security Analyst
  • Ben Grooms – Information Security Specialist
  • Jean Schmidt – Information Security Analyst

[Back to Top]