CACR is engaged in a wide array of cybersecurity initiatives, providing the nation with leadership in applied cybersecurity technology, education, and policy. Let us know how we can help you with your cybersecurity needs.
Trusted CI provides the NSF community with a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.
Securing research data, especially meeting new, stricter regulatory and other cybersecurity requirements, is becoming a challenge for both IU researchers and campus units that support research.
To help them navigate this complex landscape, CACR, UITS Research Technologies, and OVPIT Information Security are partnering to reduce the cybersecurity burden on researchers while enabling improved cybersecurity for IU research projects.
Cybertrack, a partnership between CACR, the Indiana Office of Technology, and Purdue University's cyberTAP program, is a program providing cybersecurity assessments for local governments. The goal of Cybertrack is to reduce the chances of cyberattacks occurring. The program developed a unique, robust assessment methodology which gained attention from the Cybersecurity and Infrastructure Security Agency (CISA) and at the Naval Surface Warfare Center, Crane division.
CACR launched a Student Fellows Program pilot in March of 2024 as a natural succession to our positive historical experiences hosting student interns and student fellows. The fellowships are for a full academic year and the applications for the fall are announced the prior spring semester.
The Center for Applied Cybersecurity Research (CACR) hosts several events throughout the year, most notably our CACR Speaker Series.
Our speakers are experts from across the nation, presenting a diverse range of cybersecurity research and real-world experiences.
CACR Cyber Conversations (CCCs) are informal discussions where we convene to discuss cybersecurity topics with diverse experts in an informal setting. We typically have a speaker/moderator that gives a short informal topical introduction to frame the discussion.
CCCs are held every Friday from 12-1 P.M. Eastern Time.
IU aims to protect critical space infrastructure and to build a foundation for cybersecurity policy in its work for the Air Force Office of Scientific Research. This three-year funded effort began in 2024 and will convene experts from many domains to submit theories for space-cyber power, which will inform strategies, policies, and doctrine.
The Army Cyber Institute’s Jack Voltaic program works to improve the resilience of critical infrastructure through exercises that identify multi-sector resilience issues by engaging both military and civilian stakeholders. CACR is developing training content and a cyber tabletop simulation capability that can scale to serve the thousands of communities around the United States.
CACR hosts week-long in-person and virtual workshops to provide middle and high school students with the unique opportunity to learn about cybersecurity from experts. Students can use tools and techniques that professionals use to protect and attack computer systems.
Cybercamps cover fundamental topics such as cryptography, cybersecurity careers, cybercrime, data forensics, lockpicking, network security, programming, social engineering, vulnerability testing, and website penetration testing.
The Principles-based Assessment for Cybersecurity Toolkit (PACT) is a tool for assessing the toughest cybersecurity problems. CACR chief policy analysts developed the tool in collaboration with NSWC Crane. As a naval installation, Crane uses technologies that many would consider atypical, and which require custom cybersecurity solutions.
We believe high-level principles underlie a great deal of existing information security thinking and practice, but that they have remained generally under-researched and unarticulated in favor of technical documents that are highly detailed and highly prescriptive, such as the NIST Risk Management Framework, CIS Critical Security Controls, ISO standards, or the HIPAA security rule. These documents may be loaded with great advice, but they are difficult to understand without the benefit of significant prior training, and do little to help someone learn to "think like a security practitioner" or to address novel, emergent situations. The Information Security Practice Principles seek to bridge this gap, providing a foundational mental model for Information security problem-solving. The Principles can be used to teach new or non-practitioners, such as students and executives, about doing information security; they can help practitioners make decisions in novel situations, where an established best practice many not exist; and they can add validity and salience to existing, more-detailed statements of best practice.
The CACR-Maurer Affiliate (Law and Policy) Program is a collaborative initiative providing Indiana University Maurer School of Law students an opportunity to work directly with Scott Russell, CACR Senior Policy Analyst, on legal problems. Students have demonstrated interest in privacy and cybersecurity and receive one credit hour for participating. Contact Professor Tomain with questions.
Targeted to both non-cybersecurity and cybersecurity leaders, the Cybersecurity for Leadership (C4L) curriculum begins with a half-day Bootcamp that provides practical tools to help organizational leaders play an effective role in cybersecurity oversight.
The C4L Bootcamp focuses on key cybersecurity program enablers of mission alignment, governance, resourcing, and controls based on the Trusted CI Framework. The training includes explicit detail on what leaders must do (and avoid) to evolve the cybersecurity program and organization’s culture. Additionally, the training introduces your organization to CACR’s Information Security Practice Principles as a tool to assist leaders with decision making, communication, and strategy.
Intermediate and advanced training packages are available for organizations who desire more in-depth training.
Compliance is rapidly emerging as a major challenge for IT organizations supporting research, particularly those with little or no prior experience with regulated data. Research environments within and outside academia are suddenly finding themselves head to head with cybersecurity and privacy requirements such as HIPAA, DFARS, CMMC, FISMA, and GDPR. CACR specializes in cybersecurity and compliance in such environments, and offers its expertise, guidance, and consulting to research organizations, including IU.
CACR provides System Security Engineering (SSE) professional services to industry and government in many contexts. CACR staff have collectively supported customers in every business vertical, bringing the best in class to customers that seek evidence-based approaches to improve security outcomes. We uniquely tailor solutions to the individual needs of a project. CACR can draw on the full range of capabilities at Indiana University, which includes 9 campuses, 16 schools, and more than 250 research centers. Many engagements start with customers that do not fully understand their requirements, which is understandable given the unrelenting pace of change in cybersecurity.
to learn more about SSE services.
The IU Center for Applied Cybersecurity Research (CACR) is a leader in improving the cybersecurity capabilities of partners throughout industry including the US Department of Defense (DoD), National Science Foundation (NSF), Department of Homeland Security (DHS), and private sector organizations. The CACR CISO and Deputy CISO develop and maintain a comprehensive cybersecurity program exemplary of the same behavior we recommend to our partners.
As a member of the greater Indiana University information technology and security community, the CACR cybersecurity program employs local policies, procedures, and training oriented to the protection of our data, technology assets, and the CACR community.
Chief Information Security Officer (CISO): Will Drake
Deputy Chief Information Security Officer (DCISO): Ishan Abhinit
If you have a security related question related to CACR, please email cacrciso@iu.edu.
To report an incident to the IU University Information Security and Policy offices, please visit: Report an IT incident