Stanford Partners Assemble to Improve Response to Information Security Incidents

We’ve all heard the news reports—laptops containing medical records stolen, online systems with personal financial information compromised, targeted emails phishing for personally identifiable information, and computers commandeered by ransomware. It’s enough to make you long for the good old days of hand written letters and corded phones.

That’s why Stanford’s information technology and privacy units are working diligently to protect Stanford’s information as well as your own, and to prepare themselves to quickly respond to any information security incident.

Periodic joint exercises

As part of Stanford’s Quarterly Incident Response Exercise Program which began in February 2016, a four-hour security incident response exercise was held last month using various incidents as specific scenarios for extending collaboration and refining procedures.

The exercise was facilitated by University IT (UIT) and led primarily by its Information Security Office (ISO). It included 27 participants from across the university, including information security staff from UIT, the School of Medicine, SLAC, and Stanford Health Care; privacy staff from the University Privacy Office and Stanford Healthcare Privacy Office; and the Office of General Counsel.

This comprehensive exercise provided participants with a narrative that evolved throughout the course of the session. Pieces of information referred to as "injects" were delivered to specific exercise participants via email, simulating the fact that not all information is known immediately, nor by all players.

Michael Tran Duff, Assistant Vice President and Chief Information Security Officer

Everyone was encouraged to work within and across their groups to put together the big picture and respond appropriately to the changing situation. The exercise was paused occasionally to verify understanding and identify opportunities to collaborate more broadly, refine responses, and communicate with the larger Stanford community.

“Preparing for information security incidents through periodic joint exercises is essential, and each one is illuminating,” said Michael Tran Duff, Assistant Vice President and Chief Information Security Officer. “Through these exercises, we cultivate relationships, hone communications, and refine our response plan.”

Future plans

While preventing such incidents from occurring remains the primary focus, both group and individual feedback collected at the conclusion of the exercise confirmed that participants felt that it was extremely valuable and should continue to be conducted quarterly. The next one is scheduled for December 9.

The exercise also demonstrated that there is still work to be done to prepare for an inevitable incident, including updating response plans and clarifying communication channels. This work is underway across the university.