Technology is the infrastructure of society. Whether it's writing better code or designing a more secure network, the need to safeguard our valuable information technology resources has never been higher.

Site Pages

  • ERM at Indiana University

    • Last updated: December 18, 2012 at 2:49 PM
    ERM at Indiana University

  • Handheld Device Security

    • Last updated: October 3, 2012 at 10:23 AM
    Today's smart phones aren't just fancy phones -- they're small, complex computers that must be secured appropriately.

  • Checklists & related documents

    • Last updated: February 5, 2013 at 1:09 PM
    Samples, checklists, and templates for documenting IT compliance, provided by UITS IT Professional Services & Support.

  • Laptop Inspections and Seizure

    • Last updated: October 11, 2011 at 4:09 PM
    The U.S. Customs and Border Protection (CBP)can inspect, and confiscate, electronic devices such as laptops, cell phones, PDAs, and storage devices.

  • Best Practices For Securing IT Resources

    • Last updated: March 13, 2013 at 2:55 PM
    This material is meant as a guide for department administrators and technicians working to minimize the chance of an IT security breach on Indiana University computer systems, telecommunications, or other information technology systems.

  • Secure File Transfer Alternatives

    • Last updated: April 12, 2011 at 7:56 PM
    It's important to know what options are available to get your file from point A to point B and to understand whether the method you choose provides adequate security given the sensitivity of the data being transferred.

  • Principles

    • Last updated: August 5, 2011 at 4:33 PM
    Security and Privacy Principles are intended to provide high-level guidance for Indiana University's Security and Privacy Program.

  • Information Security & Privacy Program

    • Last updated: October 26, 2012 at 9:54 AM
    An Information Security Program is a "methodical, programmatic approach to implementing and managing security within an organization.

  • Incident Response Procedure Template

    • Last updated: February 22, 2011 at 10:41 AM
    Protect.iu.edu is your source for everything security-related at Indiana University.

  • Incident Notices from the UIPO

    • Last updated: February 1, 2011 at 3:27 PM
    The UIPO Incident Response team sends dozens of email notifications to the University community to alert people to computer and account compromises and malicious activities.

    Related Blog Posts

  • Critical Linux Kernel Security Update

    • May 17, 2013 at 12:52 PM
    A local, unprivileged user can use a Linux kernel flaw to gain escalated privileges, without authentication, on a system running a Linux kernel. Technical details, as well as exploit code, have been publically released.

  • S/MIME certificates available

    • April 10, 2013 at 4:07 PM
    S/MIME certificates are now available to all IU personnel at no cost.

  • Policy Draft IT-28 Provisioning of IT Services

    • March 13, 2013 at 4:00 PM
    IU VP for IT and Chief Information Officer, Brad Wheeler, spoke at a town hall meeting on March 8th on the subject of, “Mitigating Cyber Risks,” including the current risk environment, and the development of IT-28.

  • Storm Spotter 2013

    • February 28, 2013 at 5:55 PM
    Storm Spotter classes are a great way to learn how to read the sky and radar and determine how severe the weather is.

  • ERM and Innovation

    • February 15, 2013 at 1:39 PM
    The old viewpoint that innovation only occurs at growing organizations who take risks has long been dismissed by many leading universities and corporations. However, the idea that enterprise risk management (ERM) can co-exist with innovation, let alone promote and partner with it, is still viewed as polarizing. But, is this accurate?

  • UPnP Vulnerabilities - Network Devices

    • February 8, 2013 at 2:29 PM
    Multiple vulnerabilities in UPnP feature on network devices

  • Responding to a phish.

    • January 29, 2013 at 6:07 PM
    Responding to phishing messages, what can be done? In this post we analyze some phishing messages, and take some countermeasures.

  • Convincing Scam E-mail Targets Faculty, Staff, and Students

    • January 14, 2013 at 1:28 PM
    Attackers are targeting university faculty, staff, and students with a convincing but malicious e-mail message with the subject "Your Account May Have Been Compromised‏".

  • Information Systems Acquisition, Development, and Maintenance - Domain 9 of the Information Security & Privacy Program

    • December 7, 2012 at 4:16 PM
    Information systems are at the heart of many university processes. It is therefore important that these systems be acquired, designed, implemented, and maintained with information protection in mind.

  • ERM and Opportunities

    • December 7, 2012 at 11:52 AM
    In today’s Enterprise Risk Management (ERM) world, organizations have learned to focus on the risks that affect their ability to meet goals and objectives. However, one item that is often overlooked is the ability to identify, inventory, track, and report on opportunities.

    Recent Security Bulletins

  • February 12, 2013 at 11:03 AM

    • Vulnerabilities in Adobe ColdFusion
    This bulletin details four recently published, critical rated, vulnerabillies in Adobe ColdFusion and ways to mitigate the risk of them being exploited including the hotfix for supported versions.
  • January 22, 2013 at 9:02 AM

    • Java Security Recommendations
    As the use of Java applets on websites continues to diminish and in light of the rash of recent vulnerability exploits, the implications of installing Java for use in web browsers should be considered carefully.
  • January 10, 2013 at 1:59 PM

    • Zero Day Java 7 Vulnerability
    On January 10, 2013, security researchers reported a zeroday vulnerability in Oracle Java 1.7u10.
  • November 8, 2012 at 3:50 PM

    • Vulnerability in Symantec Endpoint Protection
    On November 5th, 2012, the United States Computer Emergency Readiness Team (US-CERT) website announced their researcher had discovered a vulnerability in the way some versions of Symantec Endpoint Protections handle CAB files. This vulnerability may allow an unauthenticated remote or local attacker to execute arbitrary code with SYSTEM privileges on a targeted computer.
    • Read the PSIA Blog
    • IU Notify
    • Crime Prevention Tips from IUPD
    • Request Assistance from Environmental Health and Safety
    • Secure Your Computer