IT Security & Privacy

The Information Assurance (IA) and Privacy and IT Policy collaborate closely to protect U-M by leading IT security, privacy, and compliance efforts that enable the university to excel in its teaching, research, and patient care missions.

Strategic Pillars

  • One U-M Information Assurance Program. Providing a consistent approach across UM-Ann Arbor, UM-Dearborn, and UM-Flint.
  • Risk-Based. Striving to secure the most sensitive and at-risk systems and data first. This helps us direct university IT security resources where they are most needed and will have the greatest impact.
  • Make it Easy. Supporting systems and investing in tools that make security the easy choice.
  • Shared Responsibility. Promoting a university-wide security culture so all U-M units and community members understand they are part of IT security at U-M. Everyone has an important part to play.
  • Faculty Engagement. Collaborating with faculty to contribute to IT security and privacy research and knowledge. We support and participate in research projects, offer guest lectures in U-M courses, and partner with faculty on events and outreach.

IA Support for U-M Units

  • Incident Response. IA coordinates response to serious IT security incidents in units and across the university. For non-serious IT security incidents, we analyze the situation and work with unit staff to develop and implement a plan for containment and mitigation.
  • Threat Intelligence. Good threat intelligence helps us identify risks and threats before they turn into incidents. IA develops and deploys automated threat intelligence tools and processes that proactively defend U-M systems and data, including unit systems and data. We collaborate with Big Ten Academic Alliance schools to enhance and extend threat intelligence through a shared repository.
  • Risk Management. IA maintains the U-M IT security risk assessment program, provides risk assessment services to the Ann Arbor campus, and supports risk assessment practices via standardized assessment tools for the entire university. Michigan Medicine IA provides risk assessment services for Michigan Medicine. We also provide IT security and compliance assessments during system development and vendor procurement.
  • Vulnerability Management. IA conducts regular scans for vulnerabilities and notifies units when vulnerabilities are found. Additional scans and penetration testing are available on request.
  • Network Security. IA provides strategic direction and input for U-M's network protection technologies and services, including firewalls and intrusion protection systems.
  • Compliance Support. We provide guidance and tools to units to help protect unit IT and meet the requirements detailed in the university's IT security policies and standards, as well as comply with data protection laws and regulations. Important compliance resources, such as the Sensitive Data Guide and Information Security requirements, are located on the Safe Computing website. In addition, our staff are available to consult and assist.
  • Unit Consulting. IA provides proactive and responsive guidance to campus units by answering security questions, reviewing best practices, and sharing information about emerging threats through alerts.

Privacy and IT Policy Support for U-M Units

  • Privacy Guidance. We provide privacy guidance and resources through the U-M Privacy Program. We also invite the university community to engage on privacy issues through campus events, such as the Privacy@Michigan and the Dissonance event Series.
  • IT Policy Management. We take responsibility for development of IT policies and standards; we work with units to ensure IT policies and standards remain credible, implementable, enforceable, and sustainable.
  • Education and Engagement. We offer IT security and privacy education and engagement opportunities for the U-M community through the Safe Computing website, articles in U-M publications, social media campaigns, and events. We also offer training on IT security and data protection.

Leadership

  • Asmat Noori, Interim Chief Information Security Officer (CISO) and Executive Director of Information Assurance, accountable for IT security across UM-Ann Arbor, UM-Dearborn, UM-Flint
  • Sol Bermann, Executive Director of Privacy and Faculty Affairs, Assistant Professor of Information 

Contact Information

  • Your Security Unit Liaison (see SUL directory). For most things, your SUL will work directly with IA. IA holds regular Security Community meetings and communicates regularly with SULs via email. SULs and unit IT staff may request IA services on behalf of their unit.
  • ITS Service Center. You and your staff can ask IT security, privacy, and request IA services through the ITS Service Center.
  • Incident Response. Report IT security incidents to [email protected] (that group includes the IA incident responders and the U-M and Michigan Medicine CISOs).