Data Type Description
IT Security Information consists of information that is generated as a result of automated or manual processes that are intended to safeguard the university’s IT resources. It includes settings, configurations, reports, log data, and other information that supports IT security operations.
Passwords, a particular type of IT Security Information, should not be permanently stored in any online storage service. Normally passwords should not need to be conveyed from one person to another; people should set their own initial password and use account recovery for forgotten passwords. However, in cases where a hand-off between two persons is unavoidable, passwords may be electronically conveyed as long as certain conditions are met:
- A password can be put in a Dropbox at U-M Paper and shared with the person it is for if the Paper is deleted after five days.
- A password can be sent via Gmail at U-M only if Virtru encryption is used, forwarding is disabled, and the message is set to expire after five days.
- Password recipients should be advised to change their password immediately on first use.
Data Steward: Information Assurance
Examples
- Access and authentication logs
- IT security program plans
- IT security incident information
- Firewall rules
- Privileged Credentials