Janet Eaton, Information Assurance

Janet Eaton, Information Assurance

Contact Janet at jmfeaton@umich.edu.

Google Chrome verification begins May 7

Beginning Monday, May 7, Google is rolling out a new security feature that requires users to verify their identity when using the Chrome browser to log in to Google at U-M. The information below explains what to expect with the new Google Chrome verification process. When you log in to your Google at U-M account using the Chrome… Read More »

Units to test prompts to set account recovery info

If you forget your UMICH (Level-1) password and want to reset it yourself, you can do so only if you previously saved account recovery information at UMICH Account Management. That’s because the university needs to know where to send you a password-reset code. Most new students and employees now provide account recovery information as part of self-serve uniqname setup, but many of… Read More »

Vulnerability management & vendor compliance standards published

Two new standards clearly define responsibilities regarding vulnerability management and vendor security and compliance, and updated and expanded guidance to help you meet those responsibilities is on Safe Computing. Andrew Rosenberg, interim U-M vice president for information technology and Michigan Medicine chief information officer, recently approved these two new standards: Third Party Vendor Security and Compliance (DS-20). When… Read More »

Option to get password reset codes by text coming soon

Later this spring, a new option for account recovery will be added to UMICH Account Management. Currently, if you forget your UMICH (Level-1) password, you can receive a password reset code by email (as long as you have provided a non-UMICH email address for that purpose). Information and Technology Services (ITS) is working to give you the option… Read More »

OpenID Connect now available with Shibboleth at U-M

Setting up single sign-on for a new service? The university’s preferred solution, Shibboleth, has a new option that makes it work with additional services. Shibboleth at U-M can now be set up to use either of these two industry standard protocols: Security Assertion Markup Language (SAML). For most services, SAML will be your best choice. Most services that… Read More »

Report phishing to ReportPhish@umich.edu

There’s a new address for reporting phishing emails at U-M: ReportPhish@umich.edu. When you use this new address, you send your phishing report directly to the Information Assurance (IA) staff members who focus on protecting the university community from phishing. They can quickly check your report and then add that information to the anti-phishing tools used to block malicious… Read More »

U-M preparing GDPR compliance program

The General Data Protection Regulation (GDPR), which takes effect May 25, 2018, will affect organizations worldwide, including universities. The regulation expands personal privacy rights for European Union residents. It will take some time for organizations around the world to sort through, understand, and determine the implications of the GDPR requirements, as well as figure out how best to… Read More »

Reset forgotten UMICH passwords without security questions

Beginning February 24, you will be able to reset your UMICH (Level-1) password yourself without having to remember answers to your security questions. Before you can reset your UMICH password online at UMICH Account Management, your identity must be verified. For several years that has been done through the use of pre-set security questions and answers along with… Read More »

Units can deploy Passwordstate under U-M license

You can deploy Passwordstate in your unit under a U-M license that covers use by U-M faculty, staff, and students on all U-M campuses. Passwordstate allows teams of people to access and share sensitive password resources and is typically used for managing elevated and administrative passwords, as well as passwords for smaller proprietary systems, such as research databases.… Read More »

New guidance, services for erasing devices before disposal

Before you get rid of any device you have used to work with, store, or access sensitive university data, you must make sure it is securely erased (sanitized). This keeps university data—and your personal information—from falling into the wrong hands. University-owned devices Sanitization and disposal of MiWorkspace devices is handled by MiWorkspace staff. Others who are responsible for… Read More »

Your input needed on long-term plans for cosign

The ITS Identity & Access Management team (IAM) is exploring how the university could begin moving away from use of cosign authentication and toward more modern, flexible, supportable alternatives. Cosign has been the university’s secure single sign-on web authentication system for more than 15 years. Originally designed at U-M, the open source software was once widely used across… Read More »

Use new address for reporting phishing

There’s a new address for reporting phishing emails at U-M: ReportPhish@umich.edu. Previously, people were asked to report phishing to the IT User Advocate at abuse@umich.edu, Information Assurance (IA) is now asking that these reports go to ReportPhish@umich.edu instead. We’ll use the new address for the UM-Ann Arbor campus, but Michigan Medicine is going to hold off on rolling out… Read More »

New U-M self-phishing guidelines & norms

Are you interested in providing anti-phishing education through self-phishing in your unit? If so, be aware that any U-M unit considering such an effort is expected to abide by self-phishing guidelines and norms from Information Assurance (IA). The guidelines are intended to contribute to the success of your anti-phishing efforts and to share IA expertise based in part… Read More »

October is National Cyber Security Awareness Month

With massive data breaches like the one at Equifax (what to do if you are affected) constantly in the news, it sometimes feels as if we are under siege and helpless to defend ourselves. Yet we now have more power than ever before to control digital identity and important financial and other sensitive accounts. Take some time this… Read More »

Protection from malicious websites on UM-Ann Arbor networks

Beginning October 17, safeguards will be put in place that help protect the U-M community from websites known to be malicious—those that attempt to steal your personal information or infect your device with malware—on most UM-Ann Arbor wired networks. This protection is already included on MWireless and MGuest. Domain Name Service (DNS) filtering checks websites against a list… Read More »