Identity & Access Management
Identity and access management ensures accurate identification of authorized University community members and provides secure authenticated access to, and use of, network-based services. Identity and access management is based on a set of principles and control objectives to:
- Ensure unique identification of members of the University community and assignment of access privileges.
- Allow access to information resources only by authorized individuals.
- Ensure periodic review of membership in the community and review of their authorized access rights.
- Maintain effective access mechanisms through evolving technologies.
Access Control refers to the process of controlling access to systems, networks, and information based on business and security requirements. The objective is to prevent unauthorized disclosure of Michigan Tech’s information assets. University access control measures include secure and accountable means of identification, authentication, and authorization.
Identification
Identification is the process of uniquely naming or assigning an identifier to every individual or system to enable decisions about the levels of access that should be given. The key feature of an identity process is that each user of the University community, and any other entity about which access decisions need to be made, is uniquely identifiable from all other users.
Authentication
The authentication process determines whether someone or something is, in fact, who or what it is declared to be. Authentication validates the identity of the person. Authentication factors can be something you know (password), something you have (token), or something you are (biometric). For the purpose of access control, authentication verifies one’s identity through Information Technology.
Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of Michigan Tech’s entire network. Adhering to secure password procedures will help reduce the compromise of user accounts on the University’s systems. As such, all community users (including students, faculty, staff, guests, contractors and vendors) are responsible for taking the appropriate steps, as outlined within Michigan Tech’s Password Standards, to select and secure their passwords.
Authorization
Authorization is the process used to grant permissions to authenticated users. Authorization grants the user, through technology or process, the right to use the information assets and determines what type of access is allowed (read-only, create, delete, and/or modify).
The access rights to the information must then be entered into the security system via an access list, directory entry, or view tables, for example, so the authorization rules can be enforced. The level of control will depend on the classification of the data and the level of risk associated with loss or compromise of the information. Data handling requirements are outlined in the Institutional Data Access Policy.
Remote Access
Remote access to information technology resources (switches, printers, routers, computers, etc.) and to sensitive or confidential information (social security numbers, credit card numbers, bank account numbers, etc.) is only permitted through secure, authenticated and centrally managed access methods.
Privileged Access
Personnel who manage, operate, and support University information systems, including individuals who manage their own systems, are expected to use appropriate professional practices in providing for the security of the systems they manage. Responsibility for systems and application security must be assigned to an individual knowledgeable about the information technology used in the system and in providing security for such technology.