IRT Information Security Services
IRT Security is here to help you. In addition to keeping the School of Medicine networks secure and operational, we also provide you the tools to ensure your own computer security, and support you in case of a security incident.
By educating yourself now about strong computer security practices, you're taking the first step in preventing computer problems. Below, find the resources explaining the need for strong computer security, and the tools you can use to protect yourself and your information.
New Risk Classifications
As of May 2015, a new set of classifications has been established and is now in effect for Stanford data and systems: High Risk, Moderate Risk, and Low Risk. The former framework - Prohibited, Restricted, Confidential, and Unrestricted - will be phased out by January 2016.
About WinSecure Network
Devices that cannot be upgraded to meet the data security requirements which are used to manage critical scientific equipment or applications may be able to take advantage of the WinSecure Network (not just for Windows devices!). This network is used to compensate for the risks posed by devices using unsupported operating systems or which otherwise cannot meet the current requirements. Click here for details.
University Security Mandate
Stanford has issued a University-wide security mandate, with updated computer security requirements, including encryption. Next Deadline: May 31st, 2015 - Encryption of all laptops and desktops at the School of Medicine. Click here for details (webauth required).
For information on the School of Medicine's plan for the May 2015 deadline, please click here for details.
I Need Help!
Lost or Stolen Device — Any employee who has lost, or had stolen, a device used for Stanford business is responsible for following all school procedures. This includes reporting the situation immediately to the Stanford University Privacy Office. Click here for the Data Security Program's instructions for reporting a missing device.
Reporting an Incident — How to report a security incident, as outlined in the Administrative Guide.
I Think I've Been Hacked — What to do if your computer or server may be compromised.
What is a DMCA Notice? — The correct procedures to follow if you receive a DMCA notice.
Email Information Security — You can file a Help Request, or contact us at irt-security@lists.
Contact Information Security — Our Information Security team members, with email addresses and other contact information.
Tools & Info
Encryption — Protecting the sensitive information that may be stored on your computer.
Bastion Access — How to log into Bastion with two-factor authentication.
MedSecureSend — Using Stanford Medicine's secure file transfer service.
How To Secure Your Information — A starting place for protecting the information on your computer: how to encrypt your computer, back up your information securely, and send secure files and email.
Cloud Computing — About cloud-based services and which ones are IRT-approved.
Research and Security — Help with creating a data security plan for your grant proposal.
Information Privacy and Security Policies — Stanford-specific policies regarding computer usage, SUMCnet and HIPAA.
Good Practices — A common-sense cheatsheet for everyday ways to protect your information.
OUR MISSION STATEMENT:
Proactively protect SoM information
Monitor and proactively protect the SoM networks
Provide a variety of information security options to protect resources on the School's networks from disruptions, modifications, and disclosure
Develop and publish requirements for the secure configuration of computer systems on the School's network
Provide information security education and awareness programs to faculty, staff, and students
Data Security Program
The Data Security Program helps you comply with Stanford policy and federal law. Visit for help with encryption, secure storage, and automatic backups.