Security

How to use the CIS-CAT tool to help secure U-M systems, databases, and applications, and how to report the results to Information Assurance.
Active@ KillDisk is software that can completely and securely destroy all data on hard drives, removable disks, and flash media devices, without the possibility of future recovery. U-M has a license for its use by faculty, staff, and departments for U-M owned computers on all U-M campuses, including Michigan Medicine. This document provides instructions for downloading, installing, registering, and using the U-M licensed copy of Active@ KillDisk. A freeware version of Activ@ KillDisk is available for use on personally owned devices.
You have a number of options available in your U-M Gmail to help you reduce unwanted email. You can block mail from particular addresses, mute an email conversation, report spam, and use a filter to automatically delete, report, or file messages. Similar options are available to Michigan Medicine Exchange Outlook users.
If a server that you manage is permitted to access or maintain U-M sensitive institutional data, it should be hardened to meet the minimum expectations below. Check out the Sensitive Data Guide and the Responsible Use of Information Resources (SPG 601.07) for for more general guidance on data types and usage.
If you are permitted to access or maintain sensitive institutional data using a server or database that you manage, please meet the minimum expectations below.
If you are permitted to access or maintain sensitive institutional data using a server that you manage, please meet the minimum expectations below. Note that while these instructions generally apply to most Unix/Linux systems, the specific instructions shown are current for Red Hat Enterprise Linux 7. You can use the command-line text editor of your choice; examples using 'nano' are shown below.
If a server that you manage is permitted to access or maintain U-M sensitive institutional data, it should be hardened to meet the minimum expectations below. Check out the Sensitive Data Guide and the Responsible Use of Information Resources (SPG 601.07) for more general guidance on data types and usage.
The guidance below should be followed by anyone installing, managing, or using a webcam for U-M business, and is recommended for anyone using one for any purpose. If you use a webcam for U-M business, you need to do so in accordance with Proper Use of Security Cameras (SPG 66.01). Apply these recommended security controls for web cameras:
If you have received a Sensitive Data Discovery report indicating that potentially sensitive data has been found on your workstation or an IT system you are responsible for, you need to take appropriate action as outlined in this document.
Users of the ITS Web Application Hosting service may find the following tips useful in order to prevent their web applications and data from being compromised by an attacker. As your application or site is hosted on a shared server and uses a networked filesystem (AFS), a compromise of your site could also negatively affect others on campus.