Projects to support priority
We will provide security solutions such that we have no incidents attributable to a lack of best practices.
| Project/Description | Key Dates | Contacts |
|---|---|---|
|
Business Affairs |
5/1/17-4/30/18 | Michael Tran Duff |
|
Business Affairs |
5/1/17-12/31/17 | Michael Tran Duff |
|
Business Affairs |
5/1/17-2/28/18 | Michael Tran Duff |
| Determine the impact of NIST 800-171 on the University's research operations and provide guidance for building compliant environments. | 5/1/17-11/30/17 | Michael Tran Duff |
|
Substantially expand the University's capability to proactively detect compromised servers, endpoints, websites, and user accounts. By October 1, 2017, create a list of specific detectable behaviors that are indicative of compromise. Implement detection mechanisms for five or more of these behaviors by April 30, 2018. Generate automated reports of new detections. Establish a comprehensive detection-response workflow for one or more of these detection classes. Deploy production Bro and ELK infrastructure to analyze full-scale campus network traffic with a capacity for 18 month log retention by December 31, 2017. Ensure that all critical system logs identified as of August 1, 2017 are feeding into Splunk or ELK by December 31, 2017. |
5/1/17-4/30/18 | Michael Tran Duff |
| Publish revised Admin Guide Chapter 6. | 12/1/17 | Michael Tran Duff |
| Explore cyber insurance options for the University to complement the policies already in place for the Stanford Medicine entities. | 12/1/17 | Michael Tran Duff |
| Develop and publish a proof-of-concept "HOWTO" website that provides step-by-step instructions for navigating complex business processes. | 9/1/17 | Michael Tran Duff |
| Continue strengthening user authentication mechanisms for the third party systems that handle High Risk Data on behalf of the University. | Multi-year | Michael Tran Duff |
