CACR is engaged in a wide array of cybersecurity initiatives, providing the nation with leadership in applied cybersecurity technology, education, and policy. Let us know how we can help you with your cybersecurity needs.
Initiatives
Trusted CI provides the NSF community with a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.
Securing research data, especially meeting new, stricter regulatory and other cybersecurity requirements, is becoming a challenge for both IU researchers and campus units that support research.
To help them navigate this complex landscape, CACR, UITS Research Technologies, and OVPIT Information Security are partnering to reduce the cybersecurity burden on researchers while enabling improved cybersecurity for IU research projects.
Cybertrack, a partnership between CACR, the Indiana Office of Technology, and Purdue University's cyberTAP program, is a program providing cybersecurity assessments for local governments. The goal of Cybertrack is to reduce the chances of cyberattacks occurring. The program developed a unique, robust assessment methodology which gained attention from the Cybersecurity and Infrastructure Security Agency (CISA) and at the Naval Surface Warfare Center, Crane division.
CACR launched a Student Fellows Program pilot in March of 2024 as a natural succession to our positive historical experiences hosting student interns and student fellows. The fellowships are for a full academic year and the applications for the fall are announced the prior spring semester.
The Center for Applied Cybersecurity Research (CACR) hosts several events throughout the year, most notably our CACR Speaker Series.
Our speakers are experts from across the nation, presenting a diverse range of cybersecurity research and real-world experiences.
CACR Cyber Conversations (CCCs) are informal discussions where we convene to discuss cybersecurity topics with diverse experts in an informal setting. We typically have a speaker/moderator that gives a short informal topical introduction to frame the discussion.
CCCs are held every Friday from 12-1 P.M. Eastern Time.
CACR hosts week-long in-person and virtual workshops to provide middle and high school students with the unique opportunity to learn about cybersecurity from experts. Students can use tools and techniques that professionals use to protect and attack computer systems.
Cybercamps cover fundamental topics such as cryptography, cybersecurity careers, cybercrime, data forensics, lockpicking, network security, programming, social engineering, vulnerability testing, and website penetration testing.
We believe high-level principles underlie a great deal of existing information security thinking and practice, but that they have remained generally under-researched and unarticulated in favor of technical documents that are highly detailed and highly prescriptive, such as the NIST Risk Management Framework, CIS Critical Security Controls, ISO standards, or the HIPAA security rule. These documents may be loaded with great advice, but they are difficult to understand without the benefit of significant prior training, and do little to help someone learn to "think like a security practitioner" or to address novel, emergent situations. The Information Security Practice Principles seek to bridge this gap, providing a foundational mental model for Information security problem-solving. The Principles can be used to teach new or non-practitioners, such as students and executives, about doing information security; they can help practitioners make decisions in novel situations, where an established best practice many not exist; and they can add validity and salience to existing, more-detailed statements of best practice.
The CACR-Maurer Affiliate (Law and Policy) Program is a collaborative initiative providing Indiana University Maurer School of Law students an opportunity to work directly with Scott Russell, CACR Senior Policy Analyst, on legal problems. Students have demonstrated interest in privacy and cybersecurity and receive one credit hour for participating. Contact Professor Tomain with questions.
The C4L Bootcamp focuses on key cybersecurity program enablers of mission alignment, governance, resourcing, and controls based on the Trusted CI Framework. The training includes explicit detail on what leaders must do (and avoid) to evolve the cybersecurity program and organization’s culture. Additionally, the training introduces your organization to CACR’s Information Security Practice Principles as a tool to assist leaders with decision making, communication, and strategy.
Intermediate and advanced training packages are available for organizations who desire more in-depth training.
CACR provides System Security Engineering (SSE) professional services to industry and government in many contexts. CACR staff have collectively supported customers in every business vertical, bringing the best in class to customers that seek evidence-based approaches to improve security outcomes. We uniquely tailor solutions to the individual needs of a project. CACR can draw on the full range of capabilities at Indiana University, which includes 9 campuses, 16 schools, and more than 250 research centers. Many engagements start with customers that do not fully understand their requirements, which is understandable given the unrelenting pace of change in cybersecurity.
to learn more about SSE services.
The IU Center for Applied Cybersecurity Research (CACR) is a leader in improving the cybersecurity capabilities of partners throughout industry including the US Department of Defense (DoD), National Science Foundation (NSF), Department of Homeland Security (DHS), and private sector organizations. The CACR CISO and Deputy CISO develop and maintain a comprehensive cybersecurity program exemplary of the same behavior we recommend to our partners.
As a member of the greater Indiana University information technology and security community, the CACR cybersecurity program employs local policies, procedures, and training oriented to the protection of our data, technology assets, and the CACR community.
Chief Information Security Officer (CISO): Will Drake
Deputy Chief Information Security Officer (DCISO): Ishan Abhinit
If you have a security related question related to CACR, please email cacrciso@iu.edu.
To report an incident to the IU University Information Security and Policy offices, please visit: Report an IT incident