Information Assurance (IA) provides a variety of guides, tools, services, and best practices recommendations to help IT professionals secure their systems and devices.
Hardening Guides & Tools
- Hardening Guides & Tools. These guidelines and tools are provided to help you securely manage servers and databases that access or maintain sensitive institutional data.
- Minimum Information Security Requirements for Systems, Applications, and Data. A summary of the minimum expectations for securing systems that handle U-M data.
Sensitive Data Protection
- Access to Employee-Held Data for U-M Units. Units may request access, for business purposes, to university data held in the U-M-provided account or service of an employee or terminated employee in accordance with U-M policy, athough it is preferable to have the employee transfer the information.
- Data Classification Levels. All U-M institutional data is classified into one of four classifications or sensitivity levels. Learn about the levels and security requirements for each one.
- External Funding and Information Security Requirements. The U-M Office of Research coordinates with IT security professionals to meet requirements of government grants or contracts.
- Requesting Addition of a Service to the Sensitive Data Guide. Don't see a service listed in the Sensitive Data Guide? Here's how to ask that the service be considered for inclusion.
- Sensitive Data Discovery. Checks done on MiWorkspace computers to ensure sensitive data is not being stored unnecessarily or improperly. Available to non-MiWorkspace units on request.
- Sensitive Data Guide to IT Services. The Sensitive Data Guide allows you to look up services or data types to determine the appropriate places to store and work with U-M data.
Planning, Compliance & Risk Mitigation
- Disaster Recovery Management. Information and templates for IT disaster recovery planning at U-M.
- MITN: Shared Threat Intelligence at U-M. This shared intelligence repository is used to block attempted attacks on U-M email infrastructure, network IPS, and other central and unit-based systems. U-M units can host MITN sensors and/or make use of the shared MITN data.
- Penetration Testing (Ethical Hacking). A more intrusive active exploitation of security vulnerabilities, only at the request of units or system owners, used to proactively test a critical system.
- Risk Analysis (RECON). A risk assessment methodology used to assess threats and vulnerabilities to mission critical U-M systems and applications, or to systems storing sensitive data.
- Third Party Vendor Security & Compliance. A guide for reviewing and monitoring external service providers that access, maintain, or process institutional data.
- Vulnerability Scanning Services. These automated scans are designed to identify software vulnerabilities, missing system patches, and improper configurations. All U-M networks are scanned quarterly, and units can request on-demand and more frequent scans at no charge.
Security & Privacy Best Practices
- Erasing U-M-Owned Devices. How to properly erase university-owned devices for disposal or transfer.
- Network Printing Best Practices. How to prevent some common networked printer issues, such as spam, denial of service attacks, and other issues that waste your time and resources.
- U-M Safe Computing Website Checker (Chrome Extension). Encourage your faculty and staff to install the Chrome extension that warns users when they are about to visit malicious websites masquerading as the U-M Weblogin page.
- Passwordstate. Units on all U-M campuses may implement Passwordstate through a U-M license for use by their faculty, staff, and students. Use of U-M's Passwordstate license is intended for unit implementations; it is not available to individuals other than through their units. For details, see Passwordstate Use at U-M.