Information Assurance (IA) is committed to continually improving and streamlining capabilities, tools, and resources that support all of our shared responsibility to protect U-M systems and data. To this end, we are announcing changes to some key IA tools that will improve our unit partners’ ability to analyze and reduce security threats and risks for their units.
New InfoAssure Portal
IA has transitioned to the new InfoAssure.umich.edu portal for IT Security Risk Analysis, having retired the previous web portal on March 31st.
The new portal, using technology from OneTrust, provides a smoother and faster workflow for Risk Evaluation of Computers and Open Networks (RECONs). The new InfoAssure portal allows IA staff and unit partners to send and receive information, respond to questions, and mark tasks complete, while storing the information about an assessment in a single place.
“This also helps replace the need for internal development of tools to track and manage our important risk management work,” said Sol Bermann, Executive Director of Information Assurance and Chief Information Security Officer.
IA also hopes to leverage this tool to support external third party risk assessment, and possibly other assessment processes in the future.
The original MitiGate portal provided Security Unit Liaisons (SULs), unit IT leaders, and unit leadership with security risk information. The tool, developed by IA in 2019, sourced point-in-time data from multiple authoritative systems. Since that time, there have been improvements to IA solutions, including the CrowdStrike console, Tenable.io for unit IT, and the Sensitive Data Discovery portal.
To provide easier access to real-time data, IA is replacing the MitiGate application with a web page for MitiGate Resources (accessible only by Security Unit Liaisons) that combines:
- Shortcuts to the systems providing real-time data.
- Important information contained in IT Security Community presentations and Unit Security Checklists.
- Links to other IA capabilities designed to help units identify and manage IT security risks.
If you have any questions regarding these IA updates, submit a ticket to the ITS Service Center and assign it to the ITS-Security group.