For IT Pros

Technical solutions will only secure your IT assets so far. The people involved play a huge role in keeping the environment secure. Be aware of the common risks and best practices to prevent becoming an attacker's avenue for access. The following online training courses can help and are strongly recommended for all IT professionals:

• Foundational Training covers red flags basics such as social engineering, phishing, and passwords. To request access, submit a ticket.
• IT Admin Training (coming soon) covers topics geared toward those with a functional IT role such as privileged access and spear phishing. To request access, submit a ticket.

Configuring systems with security in mind on the front end will help prevent downstream issues. When installing new IT assets or making changes to existing ones, a security architecture review can help identify potential technical gaps and provide recommendations for better securing them.

Click here to learn more about architecture review, and how to request one.

Having an accurate IT asset inventory is an important aspect of any security program. VUIT is actively working on implementing a centralized solution. Once implemented, all university IT assets must be inventoried in it.

When the new solution is ready, partner with VUIT to migrate and verify assets that are already inventoried in other VUIT-managed tools (e.g., Cherwell). 

For assets that are not already in VUIT managed tools, start recording details listed in the IT Asset Management Standard now, as you will be required to upload them.

Cybersecurity is developing secure baseline configurations for a variety of IT assets. These baseline configurations will help ensure your IT assets are deployed with the proper settings and will be able to monitor deviance. 

Available versions:

• Windows 10: This configuration is deployed to all VUIT managed devices in administrative areas.
  
• MacOS Ventura: This configuration is deployed to all VUIT managed devices in administrative areas. 
• Other OS versions: under development

To get instructions or troubleshooting help for applying to devices outside of this scope, contact VUIT.

Given your access and role, you may be the first to notice suspicious activity. Report security events immediately and then leave the investigation to Cybersecurity. Do not attempt to look into it yourself, as you could inadvertently tamper with evidence or muddy the forensics.

The Office of Cybersecurity has developed policies and standards to set consistent expectations. Because there are many documents and a lot of information to digest, the page below was developed to help simplify and summarize things for the Vanderbilt community:

https://www.vanderbilt.edu/cybersecurity/policies/policy-cheat-sheet/