IU is home to nearly 95,000 students, 9,000 faculty, and 11,000 staff across the state. To protect and secure their data and research, IU relies on three layers of cyber protection: technical defenses, policies, and human behavior. OVPIT has been leading the way in all three areas.
Since the 2017 implementation of Two-Step Login with Duo, IU has reduced compromised accounts by 99 percent. IU has also implemented measures to mitigate distributed denial of service attacks and block brute force attacks on passwords.
OVPIT has developed a suite of risk mitigation policies to protect the IU community.
Among those policies is IT-28. The policy states that IT services should operate from secure facilities (university data centers) and, when practicable, use central IT shared services to mitigate cybersecurity risk.
The policy called for a complete catalog of every server on campus. After the survey, many servers were moved into the data centers and those that could not be were identified so that physical and technical security could be assured. Under IT-28, OVPIT and the IT community will complete a peer review cycle every two years.
To educate IU faculty, staff , and students on how to guard against phishing, OVPIT communicates frequently and through various methods—emails, columns in staff newsletters, and a “Think Before You Click” campaign with an associated website.“The goal has always been to better manage the cybersecurity risk profile throughout the entire university,” said Brad Wheeler, IU vice president for IT and chief information officer.