Your role in implementing new info security standards

To Do
1. Read revised Information Security
2. Read supporting standards
3. Attend standards working sessions
4. Review materials from the sessions
5. Ensure ITS services meet the requirements
6. Protect sensitive university data
7. Understand my own responsibilities

No matter what your job at U-M, you have a role to play in implementing the new information security standards and the revised Information Security (SPG 601.27) policy. Your responsibilities could include:

  • Participating in data protection training
  • Reporting suspected or actual IT security incidents
  • Learning and using secure coding best practices
  • Configuring ITS systems to meet minimum security requirements
  • Physically securing IT resources
  • Ensuring that third-party vendors (including cloud providers) meet compliance requirements
  • Meeting specified timelines for patching security vulnerabilities
  • Updating ITS service pages to include information about compliance with the policy and standards
  • And more

Information Assurance (IA) is hosting working sessions for members of the U-M community interested in learning more about the new requirements. Upcoming topics include network security; physical security; and access, authentication, and authorization.

If you missed earlier sessions, you can review the slides, questions and answers, and audio recordings on Safe Computing: