IT security and data protection

Information security is intended to ensure the confidentiality, integrity and availability of information. The guarantee of information security in IT essentially covers two areas:

Technical measures: Among other things, the use of virus scanners, spam and phishing filters, prompt security patches for operating systems, regular data backups, encryption of sensitive data, use of firewalls, and authentication methods.

Organisational measures: Among other things, training and awareness campaigns for users, access authorisations, documentation and procedural guidelines.

Training

Almost every member of this university now uses a PC workstation or mobile device to carry out his or her daily work, processing a wide variety of information and - in some cases - personal data. It is more or less taken for granted that the computer working environment and the required data are available, the information is reliable and the data is protected against unauthorised access.

Unfortunately, these self-evident assumptions are increasingly being called into question by attacks of all kinds, some of them criminal. The constantly changing and increasingly subtle methods of attack target not only IT infrastructures (networks, servers), but also the IT users themselves. Through clever manipulation, the user is turned into a "door opener" for a successful attack. As a rule, the circle of injured parties in a successful attack extends far beyond the manipulated person.

In order not to "leave you, the user, out in the cold" in this increasingly problematic scenario, the university will offer regular face-to-face training courses on data protection and data security for all university employees starting in 2018.

Agenda

Data protection
  • What are personal data?
  • What may be collected?
  • How and for what purpose may it be processed?
  • How long may data be stored?
  • By whom may it be viewed?

Data security

  Risk analysis and risk assessment
  • Procedure for assessing the risk situation

  Hazards and risks
  • Presentation of concrete attack scenarios

  Protective measures
  • Procedures and behaviour to protect my data
    • from loss,
    • from unintentional or unauthorised change,
    • from unauthorised inspection