Information Assurance (IA) provides a variety of guides, tools, and best practices recommendations to help IT professionals secure their systems and devices.
- Server & Database Hardening. Apply these strategies to ready your servers and databases to handle sensitive data.
Sensitive Data Protection
- U-M Data Classification Levels. All U-M institutional data is classified into one of four classifications or sensitivity levels. Learn about the levels and security requirements for each one.
- Sensitive Data Guide to IT Services. The Sensitive Data Guide allows you to look up services or data types to determine the appropriate places to store and work with U-M data.
- Requesting Addition of a Service to the Sensitive Data Guide. Don't see a service listed in the Sensitive Data Guide? Here's how to ask that the service be considered for inclusion.
- External Funding and Information Security Requirements. The U-M Office of Research coordinates with IT security professionals to meet requirements of government grants or contracts.
Planning, Compliance & Risk Mitigation
- Disaster Recovery/Business Continuity Planning. Info and templates for IT disaster recovery planning at U-M.
- Risk Analysis (RECON). A risk assessment methodology used to assess threats and vulnerabilities to mission critical U-M systems and applications, or to systems storing sensitive data.
- Third Party Vendor Security & Compliance. A guide for reviewing and monitoring external service providers that access, maintain, or process institutional data.
Security & Privacy Best Practices
- Network Printing Best Practices. How to prevent some common networked printer issues, such as spam, denial of service attacks, and other issues that waste your time and resources.
- Securely Dispose of Media. Information about the responsibility of university departments to securely dispose of or destroy any media that has ever held, stored, or transmitted sensitive university data.
- Erasing U-M-Owned Devices. How to properly erase university-owned devices for disposal or transfer.
- Getting Access to Someone Else's Account. Guidance describing the circumstances under which such access may be permitted and the procedures for requesting it.