Note: Under a new university-wide contract, Sophos Intercept X Advanced is replacing McAfee endpoint protection at UMass Amherst. More information will follow.
For questions, contact the IT professional in your department as applicable, or IT User Services.
This page is intended to provide information to campus IT administrators or people interested in technical aspects of the foundational information security controls.
The foundational information security controls include:
- Anti-virus software
- Patching & central management of University-owned computers
- Data encryption
- Secure Disposal
For more information on the project, refer to the Information Security Controls page.
Sophos anti-virus software helps prevent and detect malicious software (malware/viruses) on computers. Many viruses enable malicious attackers remote access to computers, capture keystrokes including passwords and other sensitive data, share information from web pages being viewed, or search computers for sensitive data. Detecting and preventing these infections helps reduce the risk of data breaches.
Use Anti-Virus Software (download Sophos anti-virus)
Patching & Central Management of University-Owned Computers
Central management of university-owned desktops and laptops allows systems administrators to maintain inventories of university-owned computers, configure consistent security settings on university-owned computers, and install and patch software. UMASS IT provides KACE and Casper software to campus departments to help facilitate patching and central management.
The KACE software facilitates central management and inventory of endpoint Windows and Mac computers. The KACE software will allow systems administrators to initially deploy a consistent operating system image and baseline configuration to Windows computers, and install and patch the software on both Windows and Mac computers. Maintaining a software and hardware inventory, deploying a consistent configuration and enforcing patching of the operating system and software applications help reduce the risk of compromise and data breach.
The KACE software consists of a central console that campus IT Administrators use to manage their computing assets, and a software agent that runs on Windows, Mac and Linux desktop and laptop computers.
JAMF (previously known as Casper)
The JAMF software facilitates central management and inventory of endpoint Apple/Macintosh computers. It provides a similar function as KACE, such as consistent initial configuration, and consistent configuration of security controls to help reduce the risk of compromise and data breach to Apple/Macintosh computers.
Encryption software uses strong mathematical algorithms to encrypt (scramble) data, rendering it unreadable to anyone who does not have the key (passphrase) to decrypt (unscramble) the data. Encryption makes it difficult for unauthorized individuals to access encrypted files, folders or computers, and reduces the risk of data breaches in the event a computer is lost or stolen.
Data Encryption at UMass Amherst
Host-based and network-based firewall help block incoming network attacks. Firewall should be configured to allow only network traffic that is necessary for the operation of the service.
Please contact firstname.lastname@example.org for more information on centrally-managed firewalls.
Securely disposing of computing devices and media helps prevent unauthorized disclosure of institutional information and research data. Refer to the UMASS Procurement and Waste Management guidelines on secure disposal of electronic equipment and the UMASS IT guidelines on secure media disposal.
Additional Security Controls
Additional controls may be required based on the categorization of the information or data, the nature of the information technology resource, the applicable regulatory or contractual requirements, or other risk management calculations.
Please contact email@example.com for more information about implementing these security controls in your department.