Information security management
Information security management
What does information security mean?
Data, whether analogue or digital, is the basis of our work - in science as well as in administration. Without reliable data, research results are not meaningful and administrative acts may not be legally binding. We depend on important data being available to us unchanged and on confidential data remaining confidential. These are also the goals of information security management: to ensure the confidentiality, availability and integrity of data.
However, data is a coveted commodity and stolen data can be used in a variety of ways: The data owners can be blackmailed or the data itself can be used for profit: Innovative technical know-how can be sold to interested companies or personal data such as first and last name, address and credit card number can be used to make purchases under a false name and on someone else's account, etc.
Ransomware attacks are currently particularly active. Ransomware is malware that restricts or prevents access to data and systems, for example through encryption. A ransom is then demanded for the release of the data. In addition to encryption, data is often leaked and the blackmailers threaten to publish sensitive data on the internet, usually on the darknet.
Only active and effective information security management and attentive employees can help here. At the University of Oldenburg , the IT services and the Data Protection and Information Security Unit do everything they can to ensure that the data processed at the university is protected.
What you can - or should- do?
However, the security of the university's IT systems and thus all digital data is not only in the hands of IT services and the staff unit's information security management. Every single employee of the university is required to be vigilant in their day-to-day use of IT systems and to minimise risks.
You can find some basic information on the topic of "IT security in the workplace" as well as a quick guide to the password manager "KeePass" on the following pages.
Data Protection and Information Security Unit (DISM)
At the University of Oldenburg, Information Security Management, as part of the staff unit, supports the Presidential Board in the risk-orientated management of information security.
The staff unit advises all organisational units of the university on information security issues and is, in particular, the direct point of contact for information security incidents. In addition, Information Security Management monitors and reviews the technical and organisational measures (TOMs) at the university on behalf of the Presidential Board. The TOMs are designed to ensure security when processing data, especially sensitive personal data.
The technical TOMs include, for example, securing access to servers (separate rooms, server cabinets) or password-protected access to IT systems and protecting IT systems against attacks.
Organisational TOMs include, for example, guidelines or service agreements on the use of IT, the internet and mobile devices or instructions on the storage and deletion of personal data in compliance with data protection regulations.
Specifically, the staff unit is responsible for
- advising on all questions relating to the design and implementation of information security, the security concept or the risk-oriented selection and implementation of security measures
- processing information security incidents
- defining and monitoring information security regulations
- setting up and operating an information security management system
- reporting to the Presidential Board
The university's information security management thus controls all activities relevant to information security in accordance with the international standard ISO 27001 and the IT baseline protection of the Federal Office for Information Security. The university thus achieves an appropriate, standardised level of information security - an important quality feature.
