Information Assurance (IA) provides a variety of guides, tools, services, and best practices recommendations to help IT professionals secure their systems and devices.
- Server & Database Hardening. Apply these strategies to ready your servers and databases to handle sensitive data.
Sensitive Data Protection
- Access to Employee-Held Data for U-M Units. Units may request access, for business purposes, to university data held in the U-M-provided account or service of an employee or terminated employee in accordance with U-M policy, athough it is preferable to have the employee transfer the information.
- Data Classification Levels. All U-M institutional data is classified into one of four classifications or sensitivity levels. Learn about the levels and security requirements for each one.
- External Funding and Information Security Requirements. The U-M Office of Research coordinates with IT security professionals to meet requirements of government grants or contracts.
- Requesting Addition of a Service to the Sensitive Data Guide. Don't see a service listed in the Sensitive Data Guide? Here's how to ask that the service be considered for inclusion.
- Sensitive Data Discovery. Checks done on MiWorkspace computers to ensure sensitive data is not being stored unnecessarily or improperly. Available to non-MiWorkspace units on request.
- Sensitive Data Guide to IT Services. The Sensitive Data Guide allows you to look up services or data types to determine the appropriate places to store and work with U-M data.
Planning, Compliance & Risk Mitigation
- Disaster Recovery Planning. Information and templates for IT disaster recovery planning at U-M.
- Penetration Testing (Ethical Hacking). A more intrusive active exploitation of security vulnerabilities, only at the request of units or system owners, used to proactively test a critical system.
- Risk Analysis (RECON). A risk assessment methodology used to assess threats and vulnerabilities to mission critical U-M systems and applications, or to systems storing sensitive data.
- Third Party Vendor Security & Compliance. A guide for reviewing and monitoring external service providers that access, maintain, or process institutional data.
Security & Privacy Best Practices
- Erasing U-M-Owned Devices. How to properly erase university-owned devices for disposal or transfer.
- Network Printing Best Practices. How to prevent some common networked printer issues, such as spam, denial of service attacks, and other issues that waste your time and resources.
- U-M Safe Computing Website Checker (Chrome Extension). Encourage your faculty and staff to install the Chrome extension that warns users when they are about to visit malicious websites masquerading as the U-M Weblogin page.