Security and Policy

Security and Policy protects the security of the data that crosses the networks and promotes the preservation of personal security and privacy for all people at Purdue University.

Identity and Access Management

  • Coordinates identity assignment and role-based access across the University
  • Provides consistent campus-wide means of managing and identifying constituents for granting access to University resources and ensuring individual privacy
  • Manages the Purdue Career Account service, the Purdue University ID (PUID) program, and the BoilerKey two-factor authentication service
  • Provides assistance in integrating new applications and services into the campus identity and access management infrastructure

Information Assurance

  • Facilitates the development of University information security policies, standards, guidelines and procedures; and consults on information security compliance with University policy, contractual requirements, and federal, state and local law
  • Facilitates the stewardship of University Information Assets including the proper classification, sharing and handling
  • Assesses risk to the confidentiality, integrity, and availability of University Information Assets according to privacy, law and regulatory concerns; and in the procurement of new Information Technology software or services
  • Develops and facilitates information security awareness programs and tools in collaboration with Data Stewards, IT Security Officers, and other Information Technology stakeholders

Security Services

  • Provides a full suite of activities, including: vulnerability scanning, reporting, and notification; security assessments, reviews, and consultations; incident response and remediation; audit response coordination; second- and third-tier technical support; and support for data center firewalls, security software and campus-wide anti-malware software
  • Manages security systems, including endpoint security management, central log collection and archive, SIEM, IPS, policy management for firewalls, vulnerability scanners, web application security scanners, and secure file sharing