Sol Bermann, J.D. was named executive director of Information Assurance and chief information security officer (CISO) for the University of Michigan in June 2019. He served as U-M’s interim chief information security officer during the 2014/15 and 2017/19 academic years. Since joining the university in 2011, Bermann has served as the university’s interim CISO, university privacy officer, and… Read More »
Technology changes at an ever-increasing rate, almost always outstripping policy, privacy, security, and legal considerations. ITS Information Assurance (IA) collaborates with faculty, researchers, students, and external industry experts to create a forum, Dissonance, for public discourse on the tensions surrounding technology, policy, privacy, security, and law.
ITS began implementing components of a greatly enhanced network security threat detection and mitigation system in late June. This approach combines cutting edge technologies, open source tools, and U-M’s MITN threat intelligence framework to provide a security solution that scales across U-M networks. It will allow ITS to: Detect and mitigate network threats across more U-M networks. Extend… Read More »
Atul Prakash, an electrical engineering and computer science professor, is part of a research team studying the process GitHub has in place for disclosing security issues. The team’s research culminated in a list of recommendations to help GitHub develop a standardized method to report security vulnerabilities.
Have external collaborators, granting agencies, or vendor partners ever asked you for information about the university’s IT security posture? ITS Information Assurance has pulled together an overview of how we secure U-M into one document to help you answer those questions: U-M IT Security Posture (U-M login required)Note: IT security and compliance is a shared responsibility. This document… Read More »
Your profile Your MCommunity profile shows only information related to your U-M affiliation. For U-M staff members, publicly viewable information includes: name, uniqname, email address, U-M affiliation, title, and U-M work phone number and address. You can choose privacy settings for additional information about yourself, such as your notice or description. You can choose whether the additional information… Read More »
You put U-M systems and data at risk if you use your UMICH (Level-1) password for non-university services. If you use your UMICH email address and password to establish a personal account (for example, at LinkedIn), and that information is exposed in a data breach, your UMICH account is now at risk. If you have used your UMICH… Read More »
Co-founded by U-M alums Dug Song and Jon Oberheide, Ann Arbor-based Duo Security sold late last year for $2.35 billion. As one of fewer than 150 privately held companies in the U.S. worth more than $1 billion (known as “unicorns”), Duo became incredibly successful in part by adhering to values besides the bottom line, such as inclusion and community. … Read More »
A new computer processor architecture developed at U-M could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete. Called MORPHEUS, the chip blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second—infinitely faster than a human… Read More »
No matter what your job at U-M, you have a role to play in implementing the new information security standards and the revised Information Security (SPG 601.27) policy. Your responsibilities could include: Participating in data protection training Reporting suspected or actual IT security incidents Learning and using secure coding best practices Configuring systems to meet minimum security requirements… Read More »
UM-Dearborn ITS has kicked off a new initiative to encrypt users’ endpoint devices (laptop and desktop computers). This effort dramatically improves the way UM-Dearborn secures its endpoints, and the data and services they touch. In addition, it helps bring campus in line with U-M IT security policies and standards. The effort initially rolled out to two departments that… Read More »
Information Assurance will soon introduce a “Report Phishing” button to the Outlook email system used within Michigan Medicine. The button will be handy way to report quickly and efficiently any email that seems a little “fishy.” Learn more on the HITS website.
Michigan Secretary of State Jocelyn Benson recently announced a new Election Security Commission to be co-chaired by U-M professor of computer science and engineering J. Alex Halderman. His work in voting security and in particular electronic voting machines has positioned him as a preeminent expert in the field. Halderman has made multiple contributions to election security advocacy at… Read More »
How do the new information security standards and the revised Information Security (SPG 601.27) policy affect your work? Information Assurance (IA) is hosting working sessions for members of the U-M community interested in learning about implementing the policy and standards. Upcoming sessions: Thursday, April 4 (1:30-3:30 p.m.). This session will cover Security Log Collection, Analysis, and Retention (DS-19)… Read More »
Turn on device encryption to help secure personal and institutional data at home and at work. Encryption protects against unauthorized access to data if your device is lost or stolen. Encryption is: Required for any personal device you use to access U-M data classified as High. https://www.safecomputing.umich.edu/protect-the-u/safely-use-sensitive-data/classification-levels Recommended for any device you use to access or store U-M… Read More »
Whether you are planning a vacation or professional trip, you will likely take along some combination of a smartphone, tablet, laptop, and other mobile devices. Follow these tips to safeguard both your own and the university’s data. Before you travel If you don’t need it, don’t travel with it. Plan which Duo options you will use and enroll… Read More »
If you use your personal devices—smartphone, laptop, tablet, and so on—for work, you are responsible for appropriately managing and securing them, as well as for meeting the obligations described in Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33). Your unit may have additional restrictions beyond those found in the SPG. Check with… Read More »
The IT Security Community and Michigan IT staff are invited and encouraged to attend an information session about vulnerability management and data & device disposal February 22.
The annual event, hosted by the UMSI and U-M Information Assurance, brings together faculty, researchers, students, and staff for multidisciplinary conversations about privacy’s role in society.
U-M Information Assurance (IA) offers tips to help you protect yourself from identity theft and tax fraud.