Why is information security an important aim?
At the University of Münster, many processes and systems are used and information is processed on a daily basis to ensure smooth processes in research, studies, technology and administration. Information security, i.e. the protection of these processes, systems and information, is a basic requirement for studying and working at the University of Münster.
In addition to ensuring the functionality of IT systems, processes and applications, information security includes in particular the three core objectives of confidentiality, integrity and availability of information. Confidentiality includes the protection against unauthorized disclosure of information. Integrity refers to the assurance of the accuracy of data and the correct functioning of systems. This includes preventing unauthorized creation or modification of information. The core objective of availability ensures that systems, applications and data are always available to authorized individuals as intended.
In recent years, more and more universities have fallen victim to successful attacks by cybercriminals. Research data and practices, databases, administrative processes, personal data, and many other aspects of the day-to-day operations of universities can be targets for criminals. Attackers captured information, shut down processes at universities, and/or blackmailed universities into handing over large sums of money.
But even defects in systems that are not externally induced can lead to loss of functions or information. Therefore, in addition to protection against direct attacks, information security is also an aim that must be integrated into the everyday lives of all university employees.
What do administrators need to be aware of when it comes to information security?
At a university, there is a high demand for availability and operational stability of IT systems. IT systems are exposed to considerable risks due to, among other things, vulnerabilities in the operating systems and programs used, as well as incorrect configuration of devices.
As an administrator, the challenge is to ensure usability, functionality and compliance with basic security standards at the same time. To protect end users and their systems from threats, this can also mean restricting functional areas. For both administrators of workplace computers and area administrators of IT systems, an important responsibility is to keep applications and programs up to date in order to close security gaps at an early stage.
Since you as administrators have more access rights than standard end users, your user data are particularly often the target of attacks. Your user data are therefore particularly important to protect, and the accounts need to be additionally secured.
You are often the first point of contact for end users in the event of problems and thus also a direct mediator for information security when dealing with IT systems. As an administrator, you also have a role model function for the handling and security-compliant use of IT systems due to your technical expertise.
Recommendations for administrators at the University of Münster
in progress
Further Information
Federal Office for Information Security