Information Protection @ MIT

September 24, 2015

Dear MIT faculty and staff,

Over the past two years we have taken a number of steps to enhance the safety and security of MIT's information technology (IT) infrastructure. With guidance from the Information Technology Governance Committee (ITGC), we have examined how we deliver network services to our community. We have modified practices to establish a higher level of resilience for our network while accommodating the needs of our faculty, students and staff.

In recent months, we adopted the use of a two-factor authentication service called Duo to help prevent attacks that make use of compromised credentials. As described in the recent Faculty Newsletter article, faculty, staff and affiliates need to begin using Duo for Touchstone-enabled web applications at MIT (such as Atlas, Barton and Stellar) by September 30, 2015.

Now I want to make you aware of the Information Protection @ MIT website, which provides access to policies, resources and guidance materials related to safeguarding sensitive data at the Institute. The site also provides information to help community members protect their own personal data. In addition, you can access training resources designed to help you understand Institute policies and the procedures we need to follow to comply with local and federal legislation with regards to protecting data.

The website was developed to complement the work of the Information Technology Policy Committee, which serves as a consultative body for the ITGC on IT policy and issues pertaining to the use of IT in teaching and learning, research, and other professional activities of the faculty and IT community.

Various units across MIT share responsibility for maintaining records and providing oversight. Faculty and staff who create, transmit, or store sensitive data can learn best practices to secure data by watching a series of brief videos designed to give users a solid foundation in desktop, internet and data security. These videos have been packaged together to form courses for targeted staff with direct oversight responsibility. Harry Hoffman, Director of Security with Information Systems and Technology, is available to answer specific questions and provide guidance regarding recommended and required training.

Sincerely,
John Charles