IT Security Policies: Or How I Learned to Love Telling People What to Do and How to Do It

Wednesday, April 29, 2026 | 3:15PM–4:00PM PT | California Promenade, Second Floor
Session Type: Poster
Delivery Format: Poster Session
Credible, implementable, enforceable, and sustainable rules and guidelines are fundamental to any successful IT security program. Without well-defined technical and procedural standards, designing, managing, and operating secure and compliant IT systems becomes a challenge. The shared responsibility model, widely adopted across higher education, hinges on the clear communication and consistent enforcement of robust IT security policies. In this session, Dennis Neil, assistant director of Information Assurance at the University of Michigan-Ann Arbor; and Joseph Lubormirski, director of Security, Infrastructure, and Operations at the University of Michigan-Dearborn, will explore the critical role that IT security policies play in supporting institutional security and compliance. The presenters will discuss the practical opportunities that strong IT security policies create, such as fostering a culture of shared responsibility, clarifying roles, and streamlining compliance efforts, while also addressing common operational challenges, including policy interpretation, alignment across diverse campus environments, and ongoing maintenance. Attendees will come away with actionable insights and strategies for leveraging IT security policies to set expectations, empower teams, and navigate the complex landscape of operational security in higher education.

Presenters

  • Joe Lubomirski

    Director of Security, Infrastructure, and Operations, University of Michigan-Dearborn

  • Dennis Neil

    Assistant Director IT Security Design and Engineering, University of Michigan-Ann Arbor

Resources & Downloads

  • UM IT Security Policies Poster

    Updated on 4/24/2026