Information Security

Projects to support priority

We will provide security solutions such that we have no incidents attributable to a lack of best practices.

Project/Description Key Dates Contacts

Business Affairs
High risk servers and applications operated by the University: Attain and sustain adoption of the Minimum Security Standards across all such servers and applications, allowing for exceptions and measured against per-standard adoption goals.

5/1/17-4/30/18 Michael Duff

Business Affairs
Develop Minimum Security Standards and publish adoption guidance for cloud-based systems (IaaS, PaaS, and SaaS).

5/1/17-12/31/17 Michael Duff

Business Affairs
Implement infrastructure to enable opt-in client certificate provisioning for simplified and strengthened user authentication via campus web single sign-on.

5/1/17-2/28/18 Michael Duff

Determine the impact of NIST 800-171 on the University's research operations and provide guidance for building compliant environments.

5/1/17-11/30/17 Michael Duff

Substantially expand the University's capability to proactively detect compromised servers, endpoints, websites, and user accounts.

By October 1, 2017, create a list of specific detectable behaviors that are indicative of compromise. Implement detection mechanisms for five or more of these behaviors by April 30, 2018. Generate automated reports of new detections. Establish a comprehensive detection-response workflow for one or more of these detection classes.

Deploy production Bro and ELK infrastructure to analyze full-scale campus network traffic, with capacity for 18-month log retention, by December 31, 2017.

Ensure that all critical system logs identified as of August 1, 2017 are feeding into Splunk or ELK by December 31, 2017.

5/1/17-4/30/18 Michael Duff

Publish revised Admin Guide Chapter 6.

12/1/17 Michael Duff

Explore cyber insurance options for the University to complement the policies already in place for the Stanford Medicine entities.

12/1/17 Michael Duff

Develop and publish a proof-of-concept "HOWTO" website that provides step-by-step instructions for navigating complex business processes.

9/1/17 Michael Duff

Continue strengthening user authentication mechanisms for the third-party systems that handle High Risk Data on behalf of the University.

Multi-year Michael Duff

Last modified August 31, 2017