Tone Up With Cybersecurity Fitness

Cybersecurity fitness is the new theme for the university’s information security program, using positivity and metrics to educate and motivate. Several new efforts are being launched under this theme, including:

• Fitness Reports: A semi-annual cybersecurity fitness report will be issued to the leadership of each school and other large business units. The report will display an A-F letter grade reflecting the organization's security posture, along with a numerical ranking against other Stanford units. It will also include a chart showing the components of the score along with recommendations for improvement. In addition, a “State of Cybersecurity” report for the university as a whole will be issued annually by the Chief Information Security Officer, Michael Tran Duff. 
• Vulnerability Reports: With the goal of prompting corrective action, monthly vulnerability scan results are now being proactively sent to IT leaders and system administrators. IT leaders receive an executive summary, and system administrators receive a more detailed report. Learn more at scanning.stanford.edu. 
• Incident Metrics: Key statistics will be published on the Information Security Office (ISO) website in order to raise awareness of the pervasiveness of cyber threats. 
• Phishing Awareness: Weekly simulated phishing messages are now being sent to all faculty and staff as part of ISO’s “no harm, no foul” Phishing Awareness Program.  Learn more at phishing.stanford.edu. 
• Annual Training: A 15-minute video will be produced that is intended for annual employee information security training. The video will be a compilation of several shorter, topic-specific vignettes that can be viewed independently. 
• Proactive Engagements: ISO will collaborate with departments to improve the security of their systems and operations, while promulgating adoption of the university’s minimum security standards.  Learn more at minsec.stanford.edu. 
• EAT with ISO: Education, Awareness, and Training (EAT) with ISO.  These one-hour fitness events will be coordinated with departments throughout campus. 
• Simplified Logins: In the interest of improving usability and security, University IT will soon provide a password manager free of charge to all users.  Learn more at passwordmanager.stanford.edu.  In addition, a new “passwordless” login capability enables VPN logins without username, password, and two-step authentication.  This capability will be extended to web logins in the fall.  Learn more at clientcerts.stanford.edu.