Information Assurance (IA) provides a variety of guides, tools, services, and best practices recommendations to help IT professionals secure their systems and devices.
Hardening Guides & Tools
- Hardening Guides & Tools. These guidelines and tools are provided to help you securely manage servers and databases that access or maintain sensitive institutional data.
- Logging Configuration for U-M Systems Guidelines for configuring logging on all U-M IT systems.
- Minimum Information Security Requirements for Systems, Applications, and Data. A summary of the minimum expectations for securing systems that handle U-M data.
Sensitive Data Protection
- Access to Employee-Held Data for U-M Units. Units may request access, for business purposes, to university data held in the U-M-provided account or service of an employee or terminated employee in accordance with U-M policy, athough it is preferable to have the employee transfer the information.
- Data Classification Levels. All U-M institutional data is classified into one of four classifications or sensitivity levels. Learn about the levels and security requirements for each one.
- External Funding and Information Security Requirements. The U-M Office of Research coordinates with IT security professionals to meet requirements of government grants or contracts.
- Requesting Addition of a Service to the Sensitive Data Guide. Don't see a service listed in the Sensitive Data Guide? Here's how to ask that the service be considered for inclusion.
- Sensitive Data Discovery. Checks done on MiWorkspace computers to ensure sensitive data is not being stored unnecessarily or improperly. Available to non-MiWorkspace units on request.
- Sensitive Data Guide to IT Services. The Sensitive Data Guide allows you to look up services or data types to determine the appropriate places to store and work with U-M data.
Planning, Compliance & Risk Mitigation
- Disaster Recovery Management. Information and templates for IT disaster recovery planning at U-M.
- MitiGate. An online gateway to unit IT security risk and compliance data for Security Unit Liaisons (SULs), unit IT leaders, and unit leadership. It provides a window into IT security and risk data pulled from multiple systems all in one place
- MITN: Shared Threat Intelligence at U-M. This shared intelligence repository is used to block attempted attacks on U-M email infrastructure, networks, and other central and unit-based systems. U-M units can host MITN sensors and/or make use of the shared MITN data.
- Penetration Testing (Ethical Hacking). A more intrusive active exploitation of security vulnerabilities, only at the request of units or system owners, used to proactively test a critical system.
- Risk Analysis (RECON). A risk assessment methodology used to assess threats and vulnerabilities to mission critical U-M systems and applications, or to systems storing sensitive data.
- Third Party Vendor Security & Compliance. A guide for reviewing and monitoring external service providers that access, maintain, or process institutional data.
- Vulnerability Scanning Services. These automated scans are designed to identify software vulnerabilities, missing system patches, and improper configurations. All U-M networks are scanned quarterly, and units can request on-demand and more frequent scans at no charge.
Security & Privacy Best Practices
- Erasing U-M-Owned Devices. How to properly erase university-owned devices for disposal or transfer. The KillDisk tool is available for your use on university-owned computers.
- Network Printing Best Practices. How to prevent some common networked printer issues, such as spam, denial of service attacks, and other issues that waste your time and resources.
- U-M Safe Computing Website Checker (Chrome Extension). Encourage your faculty and staff to install the Chrome extension that warns users when they are about to visit malicious websites masquerading as the U-M Weblogin page.
- Passwordstate. The university has licensed Passwordstate for password management within U-M units. Passwordstate is an on-premise, web-based solution for enterprise password management that allows teams of people to access and share sensitive password resources. It is typically used for managing elevated and administrative passwords, as well as passwords for smaller proprietary systems, such as research databases. For details, see Unit Password Management for Privileged Accounts.