Information security is intended to ensure the confidentiality, integrity and availability of information. Ensuring information security in IT essentially covers two areas:
Technical measures: Among other things, the use of virus scanners, spam and phishing filters, prompt security patches for operating systems, regular data backups, encryption of sensitive data, use of firewalls, and authentication methods.
Organisational measures: Among other things, training and awareness campaigns for users, access authorisations, documentation and procedural guidelines.
Almost every member of this university now uses a PC workstation or mobile device to carry out his or her daily work, processing a wide variety of information and, in some cases, personal data. It is more or less taken for granted that the computer working environment and the required data are available, that the information is reliable and that the data is protected against unauthorised access.
Unfortunately, it has to be said that these self-evident assumptions are increasingly being called into question by attacks of all kinds, some of them criminal. The focus of constantly changing and increasingly subtle methods of attack is not only on IT infrastructures (networks, servers), but also on the IT users themselves. Here, clever manipulation turns the user into a "door opener" for a successful attack. As a rule, the circle of injured parties in a successful attack extends far beyond the manipulated person.
In order not to "leave you, the user, out in the cold" in this increasingly problematic scenario, the university will offer regular face-to-face training courses on data protection and data security for all university employees starting in 2018.
Risk analysis and risk assessment
Hazards and risks