Tom Davis

Tom Davis

Chief Security Officer

Contact Information

Tom is Indiana University's Chief Security Officer.  In this role, Tom provides executive leadership and specialized expertise to the development and management of programs related to physical access and security, personal protection, surveillance, the security of institutional and personal information, and the security of information technology.  Tom also directs the efforts of the University Information Security Office (UISO).  The UISO is responsible for university-wide security standards administration, technical risk assessment programs, security reviews and consulting, technical security resources, and technical responses to security incidents.

Before his current appointment, Tom served as IU's Chief Information Security Officer.  Tom has worked in the security field since 1991, is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM), and holds a Bachelor of Science in Computer Science from Indiana University (1987).

Selected Presentations

  • "Building an Information and IT Compliance Program," EDUCAUSE Security Professionals Conference, May 2012
  • "Payment Card Industry Data Security Standards — Are You at Risk for a Fine?," Center for Applied Cybersecurity Research Indiana Higher Education Cybersecurity Summit, April 2010
  • "Getting Things Done Panel: A Practical Approach," IU Statewide IT Conference, October 2009
  • "Writing an Information Security and Privacy Program," EDUCAUSE Security Professionals Conference, April 2009
  • "Writing an Information Security and Privacy Program," EDUCAUSE Annual Conference, October 2008
  • "Security and Finance: Bridging the Communication Gap," Treasury Institute PCI-DSS Workshop, May 2007
  • "Payment Card Industry Data Security Standards," IU Treasury Business Seminar, August 2006

Selected Publications

  • Q&A: Indiana University's key to safeguarding confidential data, FierceCIO, March 2011
  • Conway, W., Davis, T. (2009). Data Security: Noteworthy Outcomes From 2009 PCI Community Meeting: NACUBO Business Officer, vol. 43, no. 4, 16-18
  • Davis, T. (2009). Me and My Job, SC Magazine For IT Security Professionals, vol. 20, no. 1, 15
  • Davis, T. (2009). Security Requires More Than Technology, EDTECH Focus on Higher Education
  • Pyrillis, R., Roberts, V. (2008). Burst of Vitamin 'C' - Pointers from CIOs and CISOs on getting the most value from systems teams: EDTECH Focus on Higher Education, vol. 4, no. 1, 38-40

Professional and Service Activities

  • Ivy Tech Information Security Curriculum Advisory Board
  • NACUBO Technical Representative to the Payment Card Industry Security Standards Council
  • Co-chair, Higher Education Information Security Council's Information Security Guide Editorial Board
  • Higher Education Information Security Council Leadership Team Member
  • Past chair, Committee on Institutional Cooperation Security Working Group
  • EDUCAUSE Security Professionals Conference 2006 Program Committee Member

Honors and Awards

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Selected into Indiana University Information Technology Leaders Program (ITLP), 2007

Recent Blog posts by this author

  • We have received approximately 25 reports from faculty and staff who have had a fraudulent 2013 federal tax return submitted to the IRS in their name. There is no evidence the tax fraud is a result of a disclosure of information that originated from IU.
  • Computers, networking equipment, mobile devices, storage media, and other IT components store, process, and transmit large quantities of information. Want to know more about how to manage these devices to appropriately protect information? If so, we have just the resource for you!
  • Ever wonder what sorts of physical and environmental safeguards you should put in place to protect all of the information you have stored in my computers and filing cabinets? If so, pull up a chair and lend an ear!
  • The importance of testing backups, and maintaining off site backups, is illustrated in this article on how Pixar almost deleted Toy Story 2.
    • Read the PSIA Blog
    • IU Notify
    • Crime Prevention Tips from IUPD
    • Request Assistance from Environmental Health and Safety
    • Secure Your Computer