The Protect IU Blog
Posted byon August 16, 2013 at 10:43 AM EDT
Indiana University campuses around the state will add new cadet officers to their IU Police Department ranks after the IU Police Academy presented badges to 38 members of its 42nd class. Graduation ceremonies took place Aug. 10 in the Indiana Memorial Union's Alumni Hall in Bloomington.
The graduating cadet officers were selected from nearly 100 applicants and represent six IU campuses, the most in the academy's history. The new grads will join IU Police Departments on their home campuses this fall.Learn more about protecting:
Posted byon August 12, 2013 at 3:34 PM EDT
Updated: August 12, 2013
IU policy was approved (on May 17, 2013) and now has a new name: Cyber Risk Mitigation Responsibilities (IT-28).
The approved policy language represents significant evolution based on feedback from the university community. We invite you to review the final version.
Original post: March 13, 2013:
Policy Draft IT-28 Provisioning of IT Services
The University Information Policy Office recently posted and distributed a new policy draft for review, Policy IT-28 Provisioning of Information Technology Services.
Policy IT-28 was drafted and developed with input from key stakeholders, paying particular attention to the Board of Trustees' concerns related to information and information technology risk — which have been continually highlighted by internal audits and repeated security incidents.
IT-28 seeks to reduce the university’s exposure to threats and create economic efficiencies by leveraging common IT infrastructure and services to the greatest extent practicable (thereby freeing up resources for unit-specific needs).
VP for IT and Chief Information Officer Brad Wheeler spoke at a town hall meeting on March 8th on the subject of: “Mitigating Cyber Risks”, which covered the current risk environment, and the development of IT-28.Learn more about protecting:
Posted byon August 6, 2013 at 1:27 PM EDT
IT security and compliance professionals are often asked about products and compliance to industry standards such as HIPAA or PCI-DSS. The vendor of product which someone wants to purchase may state that the product is compliant with a specific industry security standard. As a result, a system administrator or end user may then assume that they no longer need to worry about compliance, presuming that the product has bestowed upon them automatic compliance by virtue of simply using the product. How oh so convenient that would be if only it were true, which it is not.Learn more about protecting:
Posted byon July 23, 2013 at 1:32 PM EDT
A vulnerability in Apache Struts2 is being exploited by attackers as a means to compromise web servers. From the nist.gov bulletin:
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
If you are developing web applications in Struts, be advised that you should take action to address the vulnerability.Learn more about protecting:
Posted byon June 14, 2013 at 4:25 PM EDT
Hot fun in the summertime – oh, yes! Temperatures reached about 95 degrees Wednesday in Bloomington and the humidity was high. So was the possibility that evening of severe thunderstorms with potentially damaging straight line winds. It all combined for a potentially nasty second day of United Front II search and rescue exercises, particularly when the players are wearing fatigues, heavy boots, hard hats, vests and protective respirator masks.
The collapsed Phi Kappa Psi on North Jordan.Learn more about protecting:
Posted byon May 17, 2013 at 12:52 PM EDT
Welcome to Flight CVE-2013-2094
This week, a vulnerability in the Linux kernel appeared publicly on the radar with an active exploit close on its tail. A local, unprivileged user can leverage a Linux kernel flaw to gain escalated privileges, without authentication, on a system running a Linux kernel version 3.8.8. And just when you think your old frequent flyer miles are safe, the vulnerable code affects any kernel version between 2.6.37 and 3.8.8 (and even to centos 6 2.6.32 kernels).
Details about the vulnerability can be found here:Learn more about protecting:
Posted byon May 16, 2013 at 10:29 AM EDT
Really? Warm weather? About time…right? It’s been a cool spring for Hoosiers and, in fact, for most of the nation. But a swarm of tornadoes last night in northern Texas broke the calm weather pattern to bits. Unusually cool weather from the Rockies to the East Coast over past months kept volatile weather activity to a minimum, according to a USA Today story. During the past 12 months, the nation experienced the fewest number of tornadoes since at least 1954, and only seven people were killed by tornadoes from May 2012 to April 2013, the fewest in a 12-month period since 1899-1900.Learn more about protecting:
Posted byon May 2, 2013 at 3:29 PM EDT
Over the next few days, students will participate in commencement ceremonies at IU campuses across the state. We’re ready. The herald trumpet is shined, the banners unfurled, the gowns pressed. Chairs and podiums are set up, microphones tested. Landscaping is in shape, with grass trimmed and flowers planted. Diplomas are ready to go. And because I work with IU Emergency Management and Continuity, I’ll assure you that security in place. So, now, on with the show...Learn more about protecting:
Posted byon May 1, 2013 at 11:47 AM EDT
Goodbye, school! Hello, world! IUEMC loves commencement season! Did you know that 18,828 students are eligible to participate in ceremonies on IU campuses across the state? Or that one quarter of this year’s grads are first-generation college students? Or that our grads come from every county in Indiana, every state in the U.S. -- including the District of Columbia -- and 127 countries? Celebrate our amazing graduates, their diversity and achievement…and be safe. If you SEE something, SAY something.Learn more about protecting:
Posted byon April 22, 2013 at 10:02 AM EDT
The bombings at the Boston Marathon last Tuesday and the subsequent hunt for the bombers shut down Boston along with some 50 colleges in the area. The Boston U. community was left to mourn a student killed in the bombings; at UMass-Dartmouth, many students recognized a friend as one of the bombing suspects; and at MIT, the campus family lost a police officer. The Chronicle of Higher Education reports.Learn more about protecting: