For IT Pros

Other Helpful Resources

IT professionals have an elevated level of access and permissions to technical resources at Vanderbilt. By partnering with the Office of Cybersecurity and building security into your solutions and processes, you can help protect your customers and prevent downstream issues.

  • Training

    Technical solutions will only secure your IT assets so far. The people involved play a huge role in keeping the environment secure. Be aware of the common risks and best practices to prevent becoming an attacker's avenue for access. The following online training courses can help and are strongly recommended for all IT professionals:

    • Foundational Training covers red flags basics such as social engineering, phishing, and passwords. To request access, submit a ticket.
    • IT Admin Training covers topics geared toward those with a functional IT role such as privileged access and spear phishing. To request access, submit a ticket.
  • Asset Inventory

    Having an accurate IT asset inventory is an important aspect of any security program. VUIT is actively working on procuring a centralized solution. Once implemented, all university IT assets must be inventoried in it.

    In the meantime, inventory your area's assets in whatever platform makes sense for you. Just be sure to record details that are listed in the IT Asset Management Standard.

    When the central IT asset inventory is available, be ready to partner with VUIT to migrate/import your inventory.

  • Secure Configuration Baseline

    Cybersecurity has developed secure baseline configurations for a variety of device types, because factory default settings are not always the most secure. These secure configs are a list of settings that when applied, not only ensure the device itself is individually secured, but also helps it comply with internal VU policy and most regulations.

    Apply the approved secure configs to devices under your purview. To find out what secure configs are approved and available and to learn more information, visit here.

    All VUIT-managed computers that are used in an administrative support area already have the appropriate secure config applied. To get instructions or troubleshooting help for applying to devices outside of this scope, contact VUIT.

  • Incident Response

    Given your access and role, you may be the first to notice suspicious activity. Report security events immediately and then leave the investigation to Cybersecurity. Do not attempt to look into it yourself, as you could inadvertently tamper with evidence or muddy the forensics. Do keep the situation

  • Security Policy Reference Guide & FAQs

    The Office of Cybersecurity has developed policies and standards to set consistent expectations. Because there are many documents and a lot of information to digest, the page below was developed to help simplify and summarize things for the Vanderbilt community. Visit this page for a summary of what the policies mean and for answers to frequently asked questions.

    https://www.vanderbilt.edu/cybersecurity/policies/policy-ref-guide

The Office of Cybersecurity is evaluating existing services and creating more to better support the community. We are also working on creating lists of secure solutions based on data classification for common needs such as storage, transfer, and more. We will publish those here as they become available.

Below is a curated view of the security policies, services, and guidance documents that are directly relevant to IT professionals. These resources can be found in other sections of this site, but have been organized here for your consolidated view. For full listings, use the navigation bar at the top of this page.

Question icon

Not sure how to start?

Get in touch if you don’t know where to begin, you can’t find the guidance needed on the website, or if you just want to learn more. The Office of Cybersecurity has subject matter expertise and is here for Vanderbilt community to discuss security questions or concerns.

Get Security Help