Security Training & Awareness

Information security training is essential to IT professionals — ranging from database and system administrators, developers, and engineers to management who have a stake in the IT decisions in their department.

The UISO is committed to providing awareness of and access to proper security education and training to professionals across the university. We are constantly searching for new and innovative ways to deliver top quality training.

Join our list

Be the first to know when we're offering a new training opportunity! To subscribe to this list, send an e-mail message to iulist@iu.edu with a body of:

ADD INFOSECTRAINING-L <email address> <firstname> <lastname>

We will not use your email address from this list for any purpose other than to deliver news about security-related training/education opportunities.

Security Awareness Materials

The Information Security and Policy Offices generate and provide educational materials regarding computer use and security. Feel free to download these and use them, either printed or electronically, in your campaign.

Read more and download materials.

SANS Partnership Program

IU participates in the SANS Partnership Program, one of the most trusted and largest source for information security training, certification and research in the world.

Read more.

PCI DSS Training Resources

The UISO is committed to supporting the IU Office of the Treasurer in their efforts to maintain a PCI compliant environment.

Read more

Stay tuned for more!

Stay tuned for more training opportunities hosted by UISO. Make sure to join our training list so you can be among the first to know.

Security & Policy Blog Posts

  • May 17, 2013 at 12:52 PM

    • Critical Linux Kernel Security Update
    A local, unprivileged user can use a Linux kernel flaw to gain escalated privileges, without authentication, on a system running a Linux kernel. Technical details, as well as exploit code, have been publically released.
  • April 10, 2013 at 4:07 PM

    • S/MIME certificates available
    S/MIME certificates are now available to all IU personnel at no cost.
  • March 13, 2013 at 4:00 PM

    • Policy Draft IT-28 Provisioning of IT Services
    IU VP for IT and Chief Information Officer, Brad Wheeler, spoke at a town hall meeting on March 8th on the subject of, “Mitigating Cyber Risks,” including the current risk environment, and the development of IT-28.
  • March 1, 2013 at 5:06 PM

    • Domain 12: Compliance
    As Jacqueline Simmons explains, IU operates in a complex legal, regulatory, & contractual environment, with responsibilities to comply with applicable legal, regulatory, & contractual requirements regarding safeguards over information and information assets. Doing so protects the university's reputation & minimizes the risk of negative financial consequences associated with noncompliance.

    Recent Security Bulletins

  • February 12, 2013 at 11:03 AM

    • Vulnerabilities in Adobe ColdFusion
    This bulletin details four recently published, critical rated, vulnerabillies in Adobe ColdFusion and ways to mitigate the risk of them being exploited including the hotfix for supported versions.
  • January 22, 2013 at 9:02 AM

    • Java Security Recommendations
    As the use of Java applets on websites continues to diminish and in light of the rash of recent vulnerability exploits, the implications of installing Java for use in web browsers should be considered carefully.
  • January 10, 2013 at 1:59 PM

    • Zero Day Java 7 Vulnerability
    On January 10, 2013, security researchers reported a zeroday vulnerability in Oracle Java 1.7u10.
  • November 8, 2012 at 3:50 PM

    • Vulnerability in Symantec Endpoint Protection
    On November 5th, 2012, the United States Computer Emergency Readiness Team (US-CERT) website announced their researcher had discovered a vulnerability in the way some versions of Symantec Endpoint Protections handle CAB files. This vulnerability may allow an unauthenticated remote or local attacker to execute arbitrary code with SYSTEM privileges on a targeted computer.