IT Security Essential

IT Security Essential

This suite of services provides a foundation of protection for university IT resources, including those that enable teaching, learning, research, and administration. It is a continuation and expansion of the IT security program that has been in place for years.

This service is currently: 

For questions or assistance related to this service

Please contact the ITS Service Center
Enter a Ticket Online | Call 734-764-HELP (764-4357) | 4help@umich.edu | Chat

Tabs

Overview

This suite of services provides a foundation of protection for university IT resources, including those that enable teaching, learning, research, and administration. It is a continuation and expansion of the security program that has been in place for years. 

Features: 

IT Policies, Standards, & Guidelines
ITS has overarching responsibility for U-M IT policy management. To meet this responsibility, ITS staff members develop and publish university and campus IT policies, standards, and guidelines as they relate to the management and use of information and information technology resources. See the IT Policy Development and Administration Framework for details.

Compliance with Laws & Regulations
ITS provides information, coordination, and subject matter expertise that help ensure university
compliance with IT-related laws and regulations.

Education & Awareness 
ITS works to educate and inform the university community about IT security. ITS produces materials and coordinates activities and events that promote information assurance best practices, secure computing habits, secure and compliant use of university computing resources and institutional data, and maintenance of a safe computing environment.

Security Incident Response
Security experts from ITS are available to help units minimize the consequences of IT security incidents. Units are expected to report security incidents by sending email to security@umich.edu or by contacting the ITS Service Center as soon as they are aware of an incident. A security expert will analyze the situation and will work with unit staff to develop and implement a plan for containment and mitigation. Unit IT staff are expected to be familiar with the process for reporting security incidents so they can respond quickly if they become aware of a security incident in their unit or in the larger university community.

Basic Network Monitoring and Protection
Intrusion-detection technologies are built into the fabric of the university's networks. These technologies collect and analyze information about where data comes from and where it goes (that is, IP header information), but they do not look at the data content. This enables early detection of Distributed Denial of Service (DDoS) attacks, worm outbreaks, and other malicious activity that can cause disruption of university IT services.

Risk Analysis
Each university unit must undergo regular risk analyses of all its sensitive and mission-critical computing environments according to a four-year cycle established by ITS. The responsibility for initiating these analyses has fallen to units in the past, but ITS has begun a transition to take this work on itself. ITS will assume this responsibility gradually, unit-by-unit, with the goal of assuming responsibility for initiating all unit risk assessments by 2015.

Hardening Guides
These guides provide information about configuring systems and environments to facilitate a consistent approach to secure configurations across the university. The guides are based on the accumulated experience of ITS in configuring, deploying, and managing sensitive and mission-critical systems and developing hardened configurations for unit environments. The guides are currently available on the Safe Computing website.

Vulnerability Scanning
ITS performs routine, regular scans that remotely examine computers on U-M networks for vulnerabilities and misconfigurations that could be exploited by attackers. Reports are provided to the identified contact person in a unit with the expectation that corrective actions will be taken. Scans may be general in nature or focused on web vulnerabilities, in accordance with a unit's stated requirements. On-demand scanning may be also requested. Requests should be made by sending email to iia.vulnscans@umich.edu.

Who can use the service?: 

IT Security Essential is provided as a common good across the University of Michigan, Ann Arbor campus. The following units are currently out of scope for the service: UMHS, NCRC, U-M Flint, and U-M Dearborn. The release of IT Security Essential will follow the same release schedule as the MiWorkspace rollout. To learn more about this schedule, please visit the MiWorkspace project site

Related Categories: 
User Groups: 
IT Professionals