MiWorkspace balances security and privacy with convenience, ensuring your data, computers, and personal information are secure.
Security features—including program settings and network protection—are provided on your device. These features are adjusted and enhanced as technologies and threats change.
Network monitoring identifies security threats in real time, protecting your computer against viruses and other threats.
Encrypted laptops protect data in the event of theft or loss.
Secure configurations on laptops and desktops limit unauthorized access.
Automated security updates keep your software and security settings current.
Regular security scans identify missing updates, vulnerable configurations, and at-risk sensitive data.
MiWorkspace works with Information Assurance to ensure computers are protected for use by the U-M community. The computers include protections for individuals who work with sensitive data (e.g., social security numbers, protected health information, regulated data, etc.) on their workstation and/or departmental network drives.
The university and ITS use a variety of security tools as part of the overarching security and compliance posture; included among these tools are automated vulnerability scans and sensitive data discovery. Both tools run as background tasks and are designed to minimize the impact on your system's performance.
The information security leads, a team within Information Assurance, work closely with your unit’s Security Unit Liaison to review results from the tools and determine appropriate actions.
Vulnerability scanning is an automated task that identifies missing system patches and software vulnerabilities, as well as missing anti-virus configurations. Vulnerability scans run regularly to verify that your system has the most up-to-date software and security configurations. These scans are a key part of the university's vulnerability management efforts.
Vulnerability scans never look at personal data, such as the information found in your email, Word documents, or Excel spreadsheets. ITS limits the data it scans to system and application configuration, such as network configuration settings, and to the versions and patch levels of installed applications. For example, this type of scanning will identify whether an installed version of Java is out of date or at risk for exploit.
Information Assurance staff review the automated scanning results. If an update or patch is needed, the results are shared with Neighborhood IT staff so they can implement the solution.
Identifying system vulnerabilities and keeping a system’s configurations current are critical components of U-M’s information security program, and are included in the National Institute of Standards and Technology (NIST) 800-53 and International Institute for Standardization (ISO) 27001/2 security standards. In addition, these practices are mandated by some regulatory compliance schemes, such as the Health Information Portability and Accountability Act (HIPAA).
The sensitive data discovery tool looks for Social Security numbers and credit card numbers to help you make informed decisions about retaining or deleting these types of sensitive data. The tool's results provide valuable information that dramatically reduces the chance of someone exploiting sensitive data—data that you may not even know you had—should another person ever gain access to your computer. Sensitive data discovery is performed every six months.
Information Assurance staff provide an initial review of the results from the automated sensitive data discovery. If your workstation is found to store Social Security or credit card numbers, the Security Unit Liaison in your unit will help you determine what action to take.
ITS limits the amount of data it collects to instances of specific numeric patterns (e.g., nine-digit numbers that could be Social Security numbers, other numbers that could be payment card numbers) and their location on an IT system. The sensitive data discovery tool never accesses personal data stored in your Personal and Private folder.
For example, if you fill out a benefits form with your SSN, and save it on your computer, the tool will identify the SSN pattern, the full path location of the document (e.g., C:\Jeff\Benefits\Application_form.doc), and log the last four numbers of the numeric pattern. The tool does not log any of the contextual information around the specific numeric pattern.
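The data-minimizing behavior described above can be sketched as follows. This is an added example, not the university's tool or its code. The regular expressions, the Luhn check used to filter card-like numbers, and the folder-name exclusion are assumptions, and the sample text is constructed.

```python
import re
from pathlib import PureWindowsPath

# Assumed patterns; the page only says "nine-digit numbers" and "payment card numbers".
SSN_RE = re.compile(r"(?<!\d)\d{3}[- ]?\d{2}[- ]?\d{4}(?!\d)")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EXCLUDED_FOLDER = "personal and private"  # assumption: excluded by folder name

# Constructed sample: a fake SSN, a well-known test card number, an order number.
SAMPLE = ("Name: J. Doe, SSN 123-45-6789, card 4111 1111 1111 1111, "
          "order 1234 5678 9012 3456")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used here to drop long numbers that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_text(path: str, text: str) -> list[dict]:
    """Return minimal findings: pattern type, file path, last four digits only."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if EXCLUDED_FOLDER in parts:
        return []  # content under the excluded folder is skipped entirely
    findings, card_spans = [], []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            card_spans.append(m.span())
            findings.append({"type": "card", "path": path, "last4": digits[-4:]})
    for m in SSN_RE.finditer(text):
        if any(start <= m.start() < end for start, end in card_spans):
            continue  # digits already reported as part of a card number
        digits = re.sub(r"\D", "", m.group())
        findings.append({"type": "ssn", "path": path, "last4": digits[-4:]})
    return findings


if __name__ == "__main__":
    for finding in scan_text(r"C:\Jeff\Benefits\Application_form.doc", SAMPLE):
        print(finding)
```

Each finding holds only the pattern type, the file path, and the last four digits; neither the full number nor the surrounding text is stored.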
Sensitive data discovery helps the university comply with laws and regulations governing the storage of sensitive and regulated data, including federal regulations (Gramm Leach Bliley Act), State of Michigan regulations (Social Security Privacy Act), university standard (Social Security Number Privacy and Protection (DS-10)), and payment card industry standards (PCI-DSS).
Privacy and the Need to Monitor and Access Records (SPG 601.11) recognizes the privacy of university employees, as well as the need, at times, to access records or monitor record systems controlled by its employees. One specific purpose of monitoring called out in SPG 601.11 is to “avert reasonably anticipated threats or hazards;” the use of U-M vulnerability and data loss prevention tools falls under this purpose.
Any misuse of the tools and/or the data collected by security tools is a violation of SPG 601.11 and ITS policy, will be considered misconduct on the part of the employee, and will be subject to institutional sanctions up to and including termination of appointment.