IT Security

Take home message: Our IT security infrastructure is an essential tool for facilitating compliance with all U-M’s information related obligations. It is critical that everyone understands and complies with all of U-M’s IT policies, especially the SPG on Information Security, and any recommendations or directives related to IT security issued at their local level; because compliance with privacy, access, copyright, preservation and other information management laws is predicated on compliance with our internal IT security protocols.

U-M Policy and helpful links

Things to remember

  • IT security begins with you! If you have a weak password, leave your computer unlocked and unattended, store private or confidential data in a non-encrypted or non-protected way, or fail to back up important information, then you are making yourself and U-M vulnerable to security breaches and to the compromise of important and sensitive information. It doesn’t take much effort for each of us to make good security practices a part of our routine.
  • IT security breaches put U-M’s information – and, by extension, our entire operation – at risk; and exposes U-M to legal compliance breaches, particularly relating to privacy and confidentiality. A breach of IT security could be as simple as accidentally sending an email attachment to the wrong person, or as serious as having your laptop stolen in an airport, or discovering an unauthorized person is accessing or tampering with U-M’s systems. Regardless of how serious an incident is, it should be reported.
  • If a breach of IT security happens, you may not have time to review protocols before you need to take action – so it’s a good idea to familiarize yourself with the reporting process, and be familiar with who your Security Unit Liaison is. That way, you can act fast and with confidence if confronted with a real incident.
  • Mobile devices, like laptops and USB drives, are convenient ways to capture and store data, but are also particularly vulnerable to security breaches – with consequences as severe as seeing your sensitive research data in the newspaper. Encryption is one way to improve the security of these devices, which ITS can help you with.

People to talk to

For advice about IT security, or to discuss issues or concerns relating to IT security, contact your local Security Unit Liaison in the first instance, or another member of the U-M Security Community in your unit.

You can also contact Information & Infrastructure Assurance (IIA), within ITS, for advice on IT security, policy or privacy issues, by using their contact us page or calling the ITS help desk on (734) 764-4357 (4-HELP).

If you are wanting to report an IT security incident, see the Incident Reporting Process for details, unless the incident poses immediate danger, in which case you should call 911.

For legal advice relating to IT security, contact Jack Bernard in the Office of the General Counsel. However, you should usually talk first to your Security Liaison or IIA even if it is a legal issue, as they are best placed to help you resolve any questions or problems you have.


Established 3/4/11, last updated 3/7/17 – Contact us if you believe any information is incorrect or outdated