Information Assurance (IA) provides a variety of guides, tools, services, and best-practice recommendations to help IT professionals secure their systems and devices.
Protecting Sensitive Data
- Data Classification Levels. All U-M institutional data is classified into one of four classifications or sensitivity levels. Learn about the levels and security requirements for each one.
- Sensitive Data Guide. Find out which services can be used to store or handle which types of sensitive data.
- Requesting Addition of a Service to the Sensitive Data Guide. Don't see a service listed in the Sensitive Data Guide? Here's how to ask that the service be considered for inclusion.
Hardening & Protecting U-M Systems
- Minimum Information Security Requirements for Systems, Applications, and Data. A guide to what security measures must be used for each classification level of sensitive data.
- Hardening for U-M Systems. Guidelines for hardening U-M computers using CIS-CAT.
- Logging Configuration for U-M Systems. Guidelines for configuring logging on all U-M IT systems.
- Disaster Recovery Management. Information and templates for IT disaster recovery planning at U-M.
- Unit Password Management for Privileged Accounts. The university has licensed Passwordstate, a solution for enterprise password management that allows teams of people to access and share sensitive password resources. It is typically used for managing elevated and administrative passwords, as well as passwords for smaller proprietary systems, such as research databases.
Checking System & Data Security
- Risk Analysis (RECON). A risk assessment methodology used to assess threats and vulnerabilities to mission-critical U-M systems and applications, or to systems storing sensitive data.
- Sensitive Data Discovery. Checks done on MiWorkspace computers to ensure sensitive data is not being stored unnecessarily or improperly. Available to non-MiWorkspace units on request.
- Tenable Vulnerability Scanning. These automated scans are designed to identify software vulnerabilities, missing system patches, and improper configurations. All U-M networks are scanned quarterly, and units can request on-demand and more frequent scans at no charge.
- Penetration Testing (Ethical Hacking). A more intrusive test that actively exploits security vulnerabilities to proactively test a critical system. Performed only at the request of units or system owners.
- Checking Systems for Signs of Compromise. What to look for if you are concerned your IT system may have been compromised or attacked.
For other resources relevant to IT and Security professionals, visit the Protect the U section of the website.