Return to: U of M Home
Information technology is an important strategic and competitive tool that the University needs in order to carry out its mission of teaching, research, and outreach. The growth of the Internet, increased networking, distributed computing, and other developments have greatly increased the availability and speed of information exchange. Unfortunately, these same developments have also increased the risks of losing or compromising that functionality.
It is important to recognize and mitigate these risks by following appropriate information security policies and practices in order to assure the continued availability and integrity of University systems.
Information itself is an extremely important asset to the University. To protect it, information security and assurance policies and procedures address, among other subjects, the following:
Because of the inter-relatedness of the various parts, the integrity of the University systems, data, and network must be a primary factor in decision-making. Such decisions must include the risks and benefits for the entire University system, as opposed to a single part. Members of the University community need to be aware that some inconvenience is often the price for greatly reduced risk. Security awareness must increasingly be a part of everyday work for all members of the University community, not just technical staff.
Members of the University community need to be stewards of University resources and information with which they are entrusted at all times. Security is only as good as the weakest link. It does little good to protect information, networks, and systems in one place but not another. Therefore, everyone in the University community needs to exercise due diligence in securing and protecting University information, systems, and networks. This is true for information in central systems, departmental systems, and personal desktop/laptop computers. This is true when members of the community are accessing or using University information while physically at work, traveling, or working at home.
By following good security practices we can help others in the University community benefit from the decreased risk. "Good neighbor" security practices help others for the common good. Technology should be reviewed for conformance to industry and University policies, practices, and guidelines prior to deployment rather than after a problem or incident. Members of the University community can help themselves and others by increasing the visibility and support for security within their department or workgroup.
In order to further minimize damage to others and to meet legal and other obligations, security breaches or incidents must be reported in a timely and appropriate manner. To minimize future risk, proactive searches for potential weaknesses in security should be undertaken. A systematic method of alerting and educating appropriate staff concerning vulnerabilities and threats is required.
To assure the availability and integrity of information to the University community and the public it serves, the need for responsible and secure computing is a fact of life in an increasingly interconnected environment. The University needs to protect its name and reputation while minimizing costs through the use of appropriate information security policies and practices.
Please send us an e-mail with your comments and questions.