Michigan Tech's Information Security and Assurance provides university-wide service and support related to information security and assurance, information and technology risk management, data-focused compliance, and data privacy.
Information Security Operations and Engineering
A component unit for Information Technology, we’re a small team of three full-time employees, so we rely heavily on the support of our colleagues in central IT and those supporting research units, along with all MTU students and employees who provide our best and first line of defense.
We implement and administer security tools and services like university-wide vulnerability management, endpoint detection and response (EDR), and security information and event management (SIEM). We support specialized tools and services like Virtru secure email and Zoom for Government where needed. We coordinate with colleagues within and outside of central IT to establish and maintain procedures and standards in support of our tools and services.
Governance and Strategic Planning
- Establish and support governance groups to ensure stakeholders are aware of, and provide ongoing feedback on, information security and assurance efforts, planned changes, etc.
- ISA supports six governance groups at MTU – RISSC, ISAC, RS/C, ESCC, CIRT.
IT Risk Management
- Evaluate planned purchases and renewals of IT-related software and services.
- Review proposals and contracts from research partners to ensure MTU can fully support planned research activities.
- Conduct gap assessments and assist in developing documentation to support business units with specialized controlled data handling requirements.
- Provide support for emerging risk identification and management.
Data-Focused Compliance
We provide support ranging from technical controls implementation and management to gap assessments, risk assessments, general consultation, and more for institutional efforts related to CJIS, CMMC, DFARS, EAR, FERPA, GDPR, GLBA, HIPAA, ITAR, NSPM-33 and PCI-DSS compliance.
Data Privacy
We establish and maintain an institutional data privacy policy, related procedures, and support for data handling and data lifecycle management efforts in coordination with other IT and non-IT units and relevant existing and new governance efforts.