IT News & Events

News about IT at Indiana University and the world


EDUCAUSE Review case study highlights IU's cyber risk mitigation policy, IT-28

Case study details how university leaders implemented a policy to reduce cyber risks

How do universities manage and mitigate cyber risk? A new case study published by EDUCAUSE Review, "Crafting and Implementing a Policy to Reduce Cyber Risks," explores this issue in depth.

When Indiana University adopted a policy for cyber risk mitigation responsibilities, it represented a first step toward understanding and better managing the cybersecurity risk profile of the entire university. Known as IT Policy 28, or IT-28 for short, the policy states that IT services should operate from secure facilities (university data centers) and, when practicable, use central IT shared services, as this case study explains.

The case study is authored by those in the know: Dan Calarco, chief of staff in the IU Office of the Vice President for IT and CIO, and Brad Wheeler, IU vice president for IT and CIO and interim dean of the university's School of Informatics and Computing.

Read the full report here: