![\"U-M](\"https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2018\/12\/Screen-Shot-2018-12-13-at-9.42.59-AM-700x400.png\")
<\/p>\n<\/p>\n
As the University of Michigan gets ready for winter break, remember that cyber attackers never take time off. The university takes measures to protect the institution\u2019s data and systems no matter the time of the year. While Information Assurance (IA) leads and coordinates these efforts, everyone in the U-M community has a shared responsibility to do their part. <\/span><\/p>\n The revised <\/span>Information Security SPG 601.27<\/span><\/a> policy, the <\/span>accompanying IT Security standards<\/span><\/a>, and the <\/span>expansion of two-factor authentication<\/span><\/a> are recent examples of steps U-M has taken to appropriately secure the university while continuing to enable its teaching, research, clinical, and administrative missions. <\/span><\/p>\n Two-factor (Duo) for Weblogin will be required for all U-M faculty, staff, student employees, and sponsored affiliates across all campuses on Wednesday, January 23, 2019. It has been required in Michigan Medicine since October. Thus far, nearly 70,500 U-M employees already have turned on Duo for Weblogin. <\/span><\/p>\n Some of the steps taken to encourage individuals to turn on two-factor before the go-live date include: <\/span><\/p>\n IA highly recommends that U-M employees turn on two-factor for Weblogin sooner rather than later. This approach allows new users time to become familiar with the tool and its various options, such as the seven day \u201cRemember me\u201d function, availability of offline passcodes, and more. While the overwhelming majority of the university community prefers using the Duo Mobile app on their smartphone, <\/span>other options are available<\/span><\/a> to address individual circumstances and needs.<\/span><\/p>\n Back in August, U-M\u2019s Executive Officers approved a long-awaited revision to SPG 601.27, the university\u2019s IT Security policy. Since then, IA has been meeting with a variety of stakeholders, including unit IT staff, to provide support for their implementation planning well in advance of December 31, 2020, when full compliance with the policy and standards is expected. The goal is to provide IT staff with information, tools, and resources\u2014with an emphasis on the key message that IT security and compliance is a shared responsibility for all university community members.<\/span><\/p>\n In addition to the SPG approval, 13 IT Security standards were approved. These standards provide specific direction on how to appropriately secure U-M systems and data. An IT Standards Advisory Group is being convened that will provide IA with feedback and support on how best to actualize the SPG and standards. Advisory group members will represent a cross section of the university community. <\/span><\/p>\n Beginning in winter 2019 and continuing through the spring, IA will hold campuswide information sessions on each of the IT Security standards. The goal of these sessions will be to provide IT and interested business and administrative staff with an opportunity to expand their technical knowledge of each standard, ask questions of subject matter experts, and get a better understanding of the implementation process. Information session dates, times, and locations will be announced in the Michigan IT Newsletter and through communications to a variety of U-M IT communities and other stakeholders. <\/span><\/p>\n Detailed implementation guidance and documentation is available on the <\/span>Protect Your Unit\u2019s IT<\/span><\/a> webpage along with <\/span>Minimum Information Security Requirements for Systems, Applications, and Data<\/span><\/a>. These materials provide a baseline that applies to all U-M units, faculty, staff, affiliates, and vendors with access to institutional data, and are a useful backdrop for the coming information session discussions. <\/span><\/p>\nTwo-factor authentication: Where are we?<\/b><\/h1>\n
\n
![\"SPG](\"https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2018\/12\/SPG-pyramid1-700x530.png\")
<\/p>\nRevised information security policy: What\u2019s coming?<\/b><\/h1>\n