Janet Eaton, ITS Information Assurance

Janet Eaton, ITS Information Assurance

Contact Janet at jmfeaton@umich.edu.

Plan to attend “What Does Big Tech Owe Us?” March 18

Wallace House—along with co-sponsors ITS and the Dissonance Event Series—will present Recode’s Kara Swisher interviewing Alex Stamos live on stage at U-M’s Hill Auditorium on March 18, 2020, at 6:30 p.m. Save the date on your calendar now. Kara Swisher is co-founder and executive editor of Recode and host of the weekly interview podcast “Recode Decode.” She is… Read More »

NYT editor Kathleen Kingsbury to speak at Privacy@Michigan

Celebrate Data Privacy Day on January 28 by attending the Privacy@Michigan symposium. Kathleen Kingsbury, editor of The New York Times Privacy Project, will give the keynote address. Additional privacy experts, to be announced in January, will participate in two panel discussions: It Takes a Village: Multi-Disciplinary Voices on Privacy and Ethics in a Hyper-Connected Age  I Always Feel… Read More »

Svetla Sytch named assistant director of privacy and IT policy

Svetla Sytch joined ITS Information Assurance (IA) as assistant director of privacy and IT policy on November 25. In this role, she will work with partners across the university to craft strategies and lead operational efforts that weave privacy, policy, and data governance into the way the university engages in its teaching, learning, research and administrative activities. “Svetla… Read More »

Expect privacy notice updates as the CCPA takes effect

On January 1, 2020, the California Consumer Privacy Act (CCPA) goes into effect. As we near that date, be aware that you are likely to start seeing updates and changes to privacy notices and policies for both personal and university online services (such at U-M Google and Box). Any communications about updates to vendor privacy policies and notices… Read More »

SUMIT_2019 recap: AI & cameras, art, and Apple watches

SUMIT_2019 brought together more than 430 people from the university and across southeast Michigan on October 29 to explore diverse topics in privacy and IT security. The presenters shared their work and insights on the socio-technical aspects of AI and cameras, art that explores privacy and security challenged as a result of living in our modern networked world,… Read More »

Duo to be required for U-M VPN

Over the next few months, a more secure connection method for the U-M Virtual Private Network (VPN) will be introduced, and the current method will be retired. The new method will direct people to Weblogin, and two-factor authentication using Duo will be required. The addition of two-factor to the U-M VPN login will improve security for U-M networks.… Read More »

Update: Chegg password incident resolved

The public release of credentials (email addresses and associated passwords) related to the 2018 Chegg breach unfortunately affected the U-M community. Thank you to those of you who assisted students and others whose UMICH passwords were reset in late September as a result of reuse at U-M of passwords exposed in a data breach at Chegg, a commercial… Read More »

Prepare to move away from Windows Server 2008, 2008 R2

Microsoft will end support for Windows Server 2008 and 2008 R2 on January 14, 2020 That means it will no longer provide security updates or support. Don’t let your infrastructure and applications go unprotected. Begin planning now to upgrade as needed. This applies to physical servers that you manage as well as virtual servers.  MiServer users are asked… Read More »

Better protection for U-M networks

ITS began implementing components of a greatly enhanced network security threat detection and mitigation system in late June. This approach combines cutting edge technologies, open source tools, and U-M’s MITN threat intelligence framework to provide a security solution that scales across U-M networks. It will allow ITS to:  Detect and mitigate network threats across more U-M networks.  Extend… Read More »

U-M IT security posture information published

Have external collaborators, granting agencies, or vendor partners ever asked you for information about the university’s IT security posture? ITS Information Assurance has pulled together an overview of how we secure U-M into one document to help you answer those questions: U-M IT Security Posture (U-M login required)Note: IT security and compliance is a shared responsibility. This document… Read More »

Reveal short URLs, use them with caution

Shortened URLs, such as those from bit.ly and goo.gl, make it easy to type in a web address quickly but hard to tell where your web browser will actually take you. Before clicking a shortened URL, check for the full URL. Most URL shorteners—including those used at U-M—include a preview feature. In addition, there are several URL checkers… Read More »

Your role in implementing new info security standards

No matter what your job at U-M, you have a role to play in implementing the new information security standards and the revised Information Security (SPG 601.27) policy. Your responsibilities could include: Participating in data protection training Reporting suspected or actual IT security incidents Learning and using secure coding best practices Configuring systems to meet minimum security requirements… Read More »

Tips for writing emails that don’t look phishy

You have an important university email to send, but how do you craft it so it looks like the official, trustworthy, communication it is? In other words, how do you keep people from thinking it is a phish? Email users are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your important,… Read More »

New Chinese restriction impacts Duo phone calls; Use other options

May 15, 2019 update: You can once again use the Call Me option to receive Duo phone calls to Chinese (+86) numbers for two-factor authentication. Automated phone calls for Duo two-factor authentication are no longer being blocked to Chinese (+86) numbers. Duo worked with one of its telephony providers and the Chinese government to resolve the issue. China… Read More »

Teams practice IT security incident investigation

U-M staff members, and a number of other IT security pros from Domino’s, and Washtenaw Community College, honed their IT security investigation skills at a March 27 Boss of the SOC (Security Operations Center) event held at U-M and sponsored by the U-M Information Assurance office and Splunk. Working in teams of four to five, participants assumed the… Read More »

IA finds and fixes Shibboleth vulnerability

Imagine not being able to log in to your U-M GMail and Calendar—or Box at U-M, Canvas, and more. That might have been a risk if an attacker had exploited a previously unknown Shibboleth vulnerability. Within minutes, the attacker could have broadly disrupted logins at U-M and across higher education. Thankfully, that didn’t happen. While doing a routine… Read More »

Learn about implementing new info security standards

How do the new information security standards and the revised Information Security (SPG 601.27) policy affect your work? Information Assurance (IA) is hosting working sessions for members of the U-M community interested in learning about implementing the policy and standards. Upcoming sessions: Thursday, April 4 (1:30-3:30 p.m.). This session will cover Security Log Collection, Analysis, and Retention (DS-19)… Read More »

Active Directory test forest ready for your testing

In preparation for upgrading the Active Directory (UMROOT) domain controllers from Windows Server 2012 to Windows Server 2016, the Active Directory test forest has been upgraded to Windows Server 2016. It is ready for you to use to test your systems and applications. If you are responsible for services that use Active Directory (UMROOT), please do the following… Read More »