Cybersecurity Data

At the University of Michigan, we strive to keep our data and systems secure. In order to do so, ITS Information Assurance (IA) routinely monitors U-M systems and devices for vulnerabilities, sensitive data, suspicious processes and programs, and malicious connections.

What Cybersecurity Data We Collect

  • User Login Information
    Such as logged-in user name, login time, login location
  • Session Information
    Such as programs run and file names accessed by the endpoint protection software, network connection information
  • Device Information
    Such as device name and type, operating system, vulnerabilities found, installed applications, device security settings
  • Data Identified as Sensitive
    Last four digits of data that look like Social Security numbers (SSNs) and credit card numbers

How We Use Cybersecurity Data

The University of Michigan uses cybersecurity data to protect the security and integrity of U-M systems and resources. Cybersecurity data is used for:

  • Vulnerability Management
    When we assess what systems are vulnerable and need to be updated.
  • Sensitive Data Protection
    When we check for possible SSNs and credit card numbers stored unnecessarily or in inappropriate places.
  • IT Security Incident Detection and Response
    When we identify suspicious processes and programs, as well as malicious internet connections.
  • Approved U-M Investigations
    When we support legal investigations and institutional efforts to protect the safety, property, or rights of the university, its community members and guests.

Collection, access to and use of cybersecurity data is governed by the U-M Standard Practice Guide, primarily Privacy and the Need to Monitor and Access Records (SPG 601.11), Information Security (601.27), and Information Security Incident Reporting (601.25). Additional IT policies and laws & regulations may apply.

How We Collect Cybersecurity Data

  • Automatically
    All cybersecurity data is collected electronically via automated processes in the following circumstances:
    • All machines connected to the U-M network are scanned for vulnerabilities every other month. Units can also request monthly and on-demand vulnerability scanning, or create their own vulnerability scans.
    • MiWorkspace computers and storage are checked for sensitive data twice a year. Non-MiWorkspace units can request their unit’s computers and network storage to be included in the Sensitive Data Discovery checks.
    • Most UM-owned laptops, desktops, and servers have endpoint protection software installed on them.

How We Share Cybersecurity Data

The University of Michigan does not sell or rent cybersecurity data. We share it with:

  • Service Providers
    That enable U-M scanning processes, such as CrowdStrike and Tenable. We strive to require our service providers to keep your personal information secure and use it only for providing services on the university’s behalf.
  • Authorized Parties
    Personal information may also be shared when required by law, or to protect the safety, property, or rights of the university, its community members and guests. This is done only in accordance with SPG 601.11: Privacy and the Need to Monitor and Access Records. For more information on required authorizations and approvals, see the ITS IA Standard Investigatory Support Process (U-M login required).