Information Security & Policy Blog

Domain 12: Compliance

March 1, 2013

As Jacqueline Simmons explains, IU operates in a complex legal, regulatory, & contractual environment, with responsibilities to comply with applicable legal, regulatory, & contractual requirements regarding safeguards over information and information assets. Doing so protects the university's reputation & minimizes the risk of negative financial consequences associated with noncompliance.

Watch the video
  • Cloud Data Storage and the New User Roles

    The Paradigm Shift

    One might think that as an IT security professional I would wish to tactfully discourage the use of Cloud computing; however, that is not entirely the case. Cloud computing opens avenues for collaboration on a scale never before realized by those wishing to integrate in thought and data sharing. Cloud computing virtually dissolves limitations defined by enterprise level networks and even geographical spans. As technology connects individuals, potentially on a global scale, our abilities to develop peer relations and interactions are greatly enhanced.

    Read the rest

  • Protection for PGP/Bitlocker whole disk Encryption

    Whole-disk encryption (WDE) provides an added layer of security for the data on your computer. Tools exist which can circumvent this technology under certain conditions. Lately, you may have heard about a tool from Elcomsoft which combines many popular WDE cracking methods in one.

    Some attacks you are probably aware of. If an attacker can guess the encryption password through brute force, he can decrypt the disk without any tools. That's why a good passphrase is a critical part of the encryption process.

    Read the rest

  • UPnP Vulnerabilities - Network Devices

    Universal Plug and Play (UPnP) is a protocol standard that allows communication between computers and network-enabled devices. UPnP allows devices to discover each other on the network and establish functional network services for data sharing and communication. This protocol is enabled by default on millions of devices, including routers, printers, media servers, IP cameras, smart TVs, home automation systems, and network storage servers.

    Read the rest

  • You may be sharing your IU voicemail through iTunes

    Users of the Lync voicemail system should be aware that under certain conditions, they could be unintentionally sharing their University voicemail message with other people.

    If a person has iTunes installed on a device, and iTunes is configured to share the iTunes library (as may be set by default during the installation), there is a strong possibility that retrieving Lync voicemail messages can result in sharing that voicemail message with individuals who have access to your iTunes shared Library folder.

    Read the rest

  • Responding to a phish.

    This morning I got three phishing email messages. They came From different senders.

    From: Indiana University <ABarrientos@med.miami.edu>
    Subject: Important secure message
    To: Undisclosed recipients:;

    From: Indiana University <skonig@towson.edu>
    Subject: Important secure message
    To: Undisclosed recipients:;

    From: Indiana University <mcfarlia@mailbox.sc.edu>
    Subject: Important secure message
    To: Undisclosed recipients:;

    Read the rest

  • Domain 11: Business Continuity Management

    January 29, 2013

    Access to information and information assets can be partially or completely interrupted by natural disasters, accidents, equipment failures, or malicious activities. As Mary Lou Emmons explains, appropriate business continuity planning — planning for the unexpected — must be undertaken to protect the availability of critical information resources and continuity of operations.

    Watch the video
  • Convincing Scam E-mail Targets Faculty, Staff, and Students

    Attackers are targeting university faculty, staff, and students with a convincing but malicious e-mail message with the subject "Your Account May Have Been Compromised". If you receive this message or others like it, don't follow any of the links. Delete the message immediately.

    Read the rest

  • Domain 10: Incident Management

    January 1, 2013

    The Information Security & Privacy Program focuses primarily on applying safeguards, most of which are preventive against unintended & unauthorized use & exposure. If & when prevention fails, IU must be able to detect & respond to incidents. What's more, the process of preparing for, detecting, responding to, and tracking such incidents directly contributes to reducing their frequency & severity.

    Watch the video
  • Is your smartphone secure?

    With 6 billion mobile phone subscriptions worldwide -- that's about 87 percent of the world population -- and an even higher percentage of users estimated on campuses, Indiana University has embarked on a mobile security campaign to heighten awareness about the tools available to safeguard users and their products.

    Read the rest

    Learn more about protecting: