Skip to content Skip to site navigation Skip to service navigation

Information Privacy and Security Position Papers

This page contains documents that outline Privacy's and ISO's positions on a number of topics. These are not university policies, but can be referenced during decision making processes.

Topics for Future Papers

The following are topics for which Privacy and ISO may generate a position paper in the future. If you have an idea for a position paper topic, please feel free to reach out to the ISO GRC team via a help ticket.

  • 2-factor authentication (fail-safe versus fail-open)
  • Ad-blockers
  • Bulk mailings from 3rd party tools
  • Faculty and grad students managing servers
  • Management of printers and other embedded devices
  • Recommended SSL/TLS Cipher Suites 
  • RFC 1149 - The Transmission of IP Datagrams on Avian Carriers
  • Secret Management in automation
  • Security products from companies with significant foreign ownership (Kaspersky… etc) 
  • Security.txt file
  • Usage of Yubikeys
  • Use of bastion hosts
  • Use of external penetration testers
  • Use of IPMI and other remote server consoles
  • Use of non-Stanford owned devices for Stanford business
  • Use of non-Stanford staff for the management of High risk servers
  • Use of password managers
  • Use of PCI P2PE solutions on the campus network infrastructure 
  • Use of SNMP 
  • User enabled third-party add-ons to Stanford services (i.e. Google Apps, O365, Box...etc)