IRT Information Security Services

IRT Security is here to help you. In addition to keeping the School of Medicine networks secure and operational, we also provide you the tools to ensure your own computer security, and support you in case of a security incident.

By educating yourself now about strong computer security practices, you're taking the first step in preventing computer problems. Below, find the resources explaining the need for strong computer security, and the tools you can use to protect yourself and your information.

News

New Risk Classification

As of May 2015, a new set of classifications has been established and is now in effect for Stanford data and systems: High Risk, Moderate Risk, and Low Risk. The former framework - Prohibited, Restricted, Confidential, and Unrestricted - will be phased out by January 2016.

About WinSecure Network

Devices used to manage critical scientific equipment or applications which can't be upgraded to current security requirements may be able to take advantage of the WinSecure Network (it's not just for Windows devices!). This network is used to compensate for the risks posed by devices using unsupported operating systems or which otherwise can't meet the current requirements.  Click here for details.

SISA Security Classes

The Minimum Security Standards for servers and applications require sysadmins and developers to take two days of classroom training per year, through Stanford Information Security Academy. Classes are offered periodically. Click here for details.

Apple Watch

Early adopters are wondering about the Apple Watch and Stanford information security policy. Click here for details.

I Need Help!

Lost or Stolen Device — Any employee who has lost, or had stolen, a device used for Stanford business is responsible for following all school procedures. This includes reporting the situation immediately to the Stanford University Privacy Office. Click here for the Data Security Program's instructions for reporting a missing device.

Reporting an Incident — How to  report a security incident, as outlined in the Administrative Guide.

I Think I've Been Hacked — What to do if your computer or server may be compromised.

What is a DMCA Notice? — The correct procedures to follow if you receive a DMCA notice.

Email Information Security — You can file a Help Request, or contact us at irt-security@lists.

Contact Information Security — Our Information Security team members, with email addresses and other contact information.

 

Tools & Info

Encryption — Protecting the sensitive information that may be stored on your computer.

Bastion Access — How to log into Bastion with two-factor authentication.

MedSecureSend — Using Stanford Medicine's secure file transfer service.

How To Secure Your Information — A starting place for protecting the information on your computer: how to encrypt your computer, back up your information securely, and send secure files and email.

Cloud Computing — About cloud-based services and which ones are IRT-approved.

Research and Security — Help with creating a data security plan for your grant proposal.

Information Privacy and Security Policies — Stanford-specific policies regarding computer usage, SUMCnet and HIPAA.

Good Practices — A common-sense cheatsheet for everyday ways to protect your information.

I'm Leaving Stanford

OUR MISSION STATEMENT:

Proactively protect SoM information

Monitor and proactively protect the SoM networks

Provide a variety of information security options to protect resources on the School's networks from disruptions, modifications, and disclosure

Develop and publish requirements for the secure configuration of computer systems on the School's network

Provide information security education and awareness programs to faculty, staff, and students

Data Security Program

The Data Security Program helps you comply with Stanford policy and federal law. Visit for help with encryption, secure storage, and automatic backups.

If you have any questions, ask. You can also send us an email at irt-security@lists, or call us at 725-8000 (option 4). Even if your question isn't about computer security, we'll be happy to help you find the answer.