For IT Pros

IT professionals have an elevated level of access and permissions to technical resources at Vanderbilt. By partnering with the Office of Cybersecurity and building security into your solutions and processes, you can help protect your customers and prevent downstream issues.

Security resources IT professionals should be familiar with:

  • Training

    Technical solutions will only secure your IT assets so far. The people involved play a huge role in keeping the environment secure. Be aware of the common risks and best practices to prevent becoming an attacker's avenue for access. The following online training courses can help and are strongly recommended for all IT professionals:

    • Foundational Training covers red flags basics such as social engineering, phishing, and passwords. To request access, submit a ticket.
    • IT Admin Training (coming soon) covers topics geared toward those with a functional IT role such as privileged access and spear phishing. To request access, submit a ticket.
  • Architecture Review

    Configuring systems with security in mind on the front end will help prevent downstream issues. When installing new IT assets or making changes to existing ones, a security architecture review can help identify potential technical gaps and provide recommendations for better securing them.

    Click here to learn more about architecture review, and how to request one.

  • Asset Inventory

    Having an accurate IT asset inventory is an important aspect of any security program. VUIT is actively working on implementing a centralized solution. Once implemented, all university IT assets must be inventoried in it.

    When the new solution is ready, partner with VUIT to migrate and verify assets that are already inventoried in other VUIT-managed tools (e.g., Cherwell). 

    For assets that are not already in VUIT managed tools, start recording details listed in the IT Asset Management Standard now, as you will be required to upload them.

  • Secure Configuration Baseline

    Cybersecurity is developing secure baseline configurations for a variety of IT assets. These baseline configurations will help ensure your IT assets are deployed with the proper settings and will be able to monitor deviance. 

    Available versions:

    • Windows 10: This configuration is deployed to all VUIT managed devices in administrative areas.
    • MacOS Ventura: This configuration is deployed to all VUIT managed devices in administrative areas. 
    • Other OS versions: under development

    To get instructions or troubleshooting help for applying to devices outside of this scope, contact VUIT.

  • Incident Response

    Given your access and role, you may be the first to notice suspicious activity. Report security events immediately and then leave the investigation to Cybersecurity. Do not attempt to look into it yourself, as you could inadvertently tamper with evidence or muddy the forensics.

  • Security Policy Cheat Sheet & FAQs

    The Office of Cybersecurity has developed policies and standards to set consistent expectations. Because there are many documents and a lot of information to digest, the page below was developed to help simplify and summarize things for the Vanderbilt community:

The Office of Cybersecurity is evaluating existing services and creating more to better support the community. We are also working on creating lists of secure solutions based on data classification for common needs such as storage, transfer, and more. We will publish those here as they become available.

Below is a curated view of the security policies, services, and guidance documents that are directly relevant to IT professionals. These resources can be found in other sections of this site, but have been organized here for your consolidated view. For full listings, use the navigation bar at the top of this page.

Question icon

Not sure how to start?

Get in touch if you don’t know where to begin, you can’t find the guidance needed on the website, or if you just want to learn more. The Office of Cybersecurity has subject matter expertise and is here for Vanderbilt community to discuss security questions or concerns.

Get Security Help