Janet Eaton, Information Assurance

Janet Eaton, Information Assurance

Contact Janet at jmfeaton@umich.edu.

Your role in implementing new info security standards

No matter what your job at U-M, you have a role to play in implementing the new information security standards and the revised Information Security (SPG 601.27) policy. Your responsibilities could include: Participating in data protection training Reporting suspected or actual IT security incidents Learning and using secure coding best practices Configuring ITS systems to meet minimum security… Read More »

Tips for writing emails that don’t look phishy

You have an important university email to send, but how do you craft it so it looks like the official, trustworthy, communication it is? In other words, how do you keep people from thinking it is a phish? Email users are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your important,… Read More »

New Chinese restriction impacts Duo phone calls; Use other options

May 15, 2019 update: You can once again use the Call Me option to receive Duo phone calls to Chinese (+86) numbers for two-factor authentication. Automated phone calls for Duo two-factor authentication are no longer being blocked to Chinese (+86) numbers. Duo worked with one of its telephony providers and the Chinese government to resolve the issue. China… Read More »

Teams practice IT security incident investigation

U-M staff members, and a number of other IT security pros from Domino’s, and Washtenaw Community College, honed their IT security investigation skills at a March 27 Boss of the SOC (Security Operations Center) event held at U-M and sponsored by the U-M Information Assurance office and Splunk. Working in teams of four to five, participants assumed the… Read More »

IA finds and fixes Shibboleth vulnerability

Imagine not being able to log in to your U-M GMail and Calendar—or Box at U-M, Canvas, and more. That might have been a risk if an attacker had exploited a previously unknown Shibboleth vulnerability. Within minutes, the attacker could have broadly disrupted logins at U-M and across higher education. Thankfully, that didn’t happen. While doing a routine… Read More »

Learn about implementing new info security standards

How do the new information security standards and the revised Information Security (SPG 601.27) policy affect your work? Information Assurance (IA) is hosting working sessions for members of the U-M community interested in learning about implementing the policy and standards. Upcoming sessions: Thursday, April 4 (1:30-3:30 p.m.). This session will cover Security Log Collection, Analysis, and Retention (DS-19)… Read More »

Active Directory test forest ready for your testing

In preparation for upgrading the Active Directory (UMROOT) domain controllers from Windows Server 2012 to Windows Server 2016, the Active Directory test forest has been upgraded to Windows Server 2016. It is ready for you to use to test your systems and applications. If you are responsible for services that use Active Directory (UMROOT), please do the following… Read More »

IA Chrome extension protecting LSA

About 2,100 managed systems in the College of Literature, Science, and the Arts (LSA) now have extra protection from malicious websites thanks to the Safe Computing Website Checker developed by Information Assurance (IA). The extension protects people from some types of malicious websites when browsing the web with Chrome. “Utilizing Group Policy Management (GPO) we have deployed this… Read More »

Only store sensitive data in approved services—check the guide!

Do you work with sensitive data? Any time you are thinking about using a storage or collaboration service for sensitive university data—whether in the cloud or at U-M: Check the Sensitive Data Guide first to see which services are approved for your data type. If the service you want to use is not listed in the guide, ask… Read More »

U-M GDPR journey discussed at forum

If you’re worried about the impact of the General Data Protection Regulation (GDPR) in your unit, take a deep breath and relax. The university has got your back. Sol Bermann, university privacy officer and interim chief information security officer, and David Grimm, associate general counsel, reassured attendees at a July 26 GDPR open forum that—with the help of… Read More »

Chrome extension warns you of malicious websites

You know you need to check the URL before logging in, but wouldn’t it be great if your web browser did some of that checking for you? If you use Chrome and an extension from Information Assurance (IA), it can. The U-M Safe Computing Website Checker extension for Chrome warns you while you are using Chrome: When you… Read More »

Users to be prompted for UMICH account recovery info

Resetting a forgotten UMICH (Level-1) password can be easy—but only if you’ve set up account recovery information ahead of time. When you save your account recovery information—a non-university email account and/or your mobile phone—we then know where to send your password-reset code in case you ever forget your password. To make this process easier, ITS will begin gradually… Read More »

Shared threat intelligence saves the day

A Distributed Denial of Service (DDoS) attack took down a residence hall network switch at the University of Maryland (UMD) over spring break 2018, but it could have been a lot worse without the collaborative threat information sharing partnership of U-M and other universities. 90% of attack traffic blocked “If we hadn’t been using our shared threat intelligence,… Read More »

Tips for writing emails that don’t look phishy

You have an important university email to send, but how do you craft it so it looks like the official, trustworthy, communication it is? In other words, how do you keep people from thinking it is a phish? Email users are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your important,… Read More »