Information Security & Policy Blog

  • Convincing Scam E-mail Targets Faculty, Staff, and Students

    Posted by Korty, Andrew Joseph on January 14, 2013 at 12:28 PM EST

    Attackers are targeting university faculty, staff, and students with a convincing but malicious e-mail message with the subject "Your Account May Have Been Compromised‏".  If you receive this message or others like it, don't follow any of the links.  Delete the message immediately.

    Read the rest

    Learn more about protecting:
    • Domain 10: Incident Management

    Domain 10: Incident Management

    January 1, 2013

    Indeed the Information Security & Privacy Program focuses primarily on applying safeguards, though most are preventive against unintended & unauthorized use & exposure. If & when prevention fails, IU must be able to detect & respond to incidents. What's more, the process of preparing for, detecting, responding to, and tracking such incidents directly impacts the reduction of frequency & severity.

    Watch the video

  • Is your smartphone secure?

    Posted by Cosens, Eric D on December 11, 2012 at 12:28 PM EST

    With 6 billion mobile phone subscriptions worldwide -- that's about 87 percent of the world population -- and an even higher percentage of users estimated on campuses, Indiana University has embarked on a mobile security campaign to heighten awareness about the tools available to safeguard users and their products.

    Read the rest

    Learn more about protecting:
    • Domain 9: Information Systems Acquisition, Development, and Maintenance

    Domain 9: Information Systems Acquisition, Development, and Maintenance

    November 29, 2012

    Information systems are at the heart of many university processes. It is therefore important that these systems be acquired, designed, implemented, and maintained with information protection in mind. UITS' Jim Thomas enumerates various places throughout the lives of systems where security and privacy standards should be considered.

    Watch the video
    Domain 8: Identity & Access Control, Information Security & Privacy Program

    Domain 8: Identity & Access Control, Information Security & Privacy Program

    November 6, 2012

    A robust and flexible identity and access control infrastructure is key to implementing appropriate information security and privacy. Identity controls must exist to establish a level of assurance that the individual using an asset is who she claims to be.

    Watch the video

  • Mobile Security Tips to Protect Yourself

    Posted by Cosens, Eric D on October 18, 2012 at 9:54 AM EDT

    Are you reading this on your smartphone, laptop, or tablet? Statistically, you probably are. The latest figures show that there are 6 billion mobile subscriptions worldwide—that’s 87 percent of the world’s population.

    And because mobile devices are so popular, compact, and convenient, they are at high risk of loss or theft. In fact, experts say that one laptop is stolen every 53 seconds, and 70 million smartphones are lost every year.

    Read the rest

    Learn more about protecting:

  • Communications and Operations Management: Domain 7 of the Information Security & Privacy Program

    Posted by Davis, Thomas R on October 12, 2012 at 12:57 PM EDT

    Computers, networking equipment, mobile devices, storage media, and other IT components store, process, and transmit large quantities of information.  Want to know more about how to manage these devices to appropriately protect information?  If so, we have just the resource for you!

    Read the rest

    Learn more about protecting:
    • Domain 7: Communications and Operations Management, Information Security & Privacy Program

    Domain 7: Communications and Operations Management, Information Security & Privacy Program

    October 11, 2012

    The Communications and Operations Management domain describes a robust, reliable, and secure IT infrastructure that lends itself to information protection. Meeting this goal requires implementing safeguards, including policies, standards, and procedures that guide how systems are operated and how the institution processes information.

    Watch the video

  • Student Video & Poster Contest!

    Posted by Lavagnino, Merri Beth on September 20, 2012 at 7:23 AM EDT

    Information Security Awareness Student Video & Poster Contest 

    Win cash, gain experience, and earn international recognition with one short video or a poster!

    The EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC) is conducting a contest in search of short information security awareness videos and posters developed by college students for college students. The contest seeks creative, topical, and effective videos (two minutes or less) and posters that focus attention on information security problems and how best to handle them.

    Read the rest

    Learn more about protecting:

  • Microsoft Security Advisory: Update for minimum certificate key length

    Posted by Greenberg, David A on September 12, 2012 at 10:32 AM EDT

    Microsoft only released two bulletins for September 2012, but that doesn't mean IT professionals should just sit back an relax.  In October 2012, Microsoft will be making an automatic update available that blocks use of encryption keys shorter than 1024 bits.

    Read the rest

    Learn more about protecting: