For IT Pros

Technical solutions will only secure your IT assets so far. The people involved play a huge role in keeping the environment secure. Be aware of the common risks and best practices to prevent becoming an attacker's avenue for access. The following online training courses can help and are strongly recommended for all IT professionals:

• Foundational Training covers red flags basics such as social engineering, phishing, and passwords. To request access, submit a ticket.
• IT Admin Training covers topics geared toward those with a functional IT role such as privileged access and spear phishing. To request access, submit a ticket.

Having an accurate IT asset inventory is an important aspect of any security program. VUIT is actively working on procuring a centralized solution. Once implemented, all university IT assets must be inventoried in it.

In the meantime, inventory your area's assets in whatever platform makes sense for you. Just be sure to record details that are listed in the IT Asset Management Standard.

When the central IT asset inventory is available, be ready to partner with VUIT to migrate/import your inventory.

Cybersecurity is developing secure baseline configurations for a variety of device types because factory default settings are not always the most secure.  These secure configs are a list of settings that when applied, not only ensure the device itself is individually secured, but also helps it comply with internal VU policy and most regulations.  

Secure configurations are based on device operating system version. Available secure configs:

• Windows 10
  
• MacOS Ventura
• Windows Server 2019 and 2022

Other OS versions are in development and testing.

All VUIT-managed computers that are used in an administrative support area already have the appropriate secure config applied. To get instructions or troubleshooting help for applying to devices outside of this scope, contact VUIT.

Given your access and role, you may be the first to notice suspicious activity. Report security events immediately and then leave the investigation to Cybersecurity. Do not attempt to look into it yourself, as you could inadvertently tamper with evidence or muddy the forensics. Do keep the situation

The Office of Cybersecurity has developed policies and standards to set consistent expectations. Because there are many documents and a lot of information to digest, the page below was developed to help simplify and summarize things for the Vanderbilt community. Visit this page for a summary of what the policies mean and for answers to frequently asked questions.

https://www.vanderbilt.edu/cybersecurity/policies/policy-ref-guide