Who does what?
The organizational structure is defined in the Regulations for the Governance of IT at the University of Münster.
CISO: Chief Information Security Officer
- Controls and coordinates the security process
- Establishes an information security management system (ISMS) at the university in accordance with the IT-Grundschutz methodology of the German Federal Office for Information Security (BSI)
- Prepares security concepts and coordinates their implementation
Information Security Office
- Managed by the CISO
- Supports the CISO in all activities that arise
- Among other things, the topics of security awareness and the creation of guidelines and concepts are located here.
IT Security Department of the CIT of the University of Münster
- Responsible for the operational implementation of security concepts and measures in the CIT of the University of Münster
- Conception and implementation of awareness and training measures
- Works closely with the CISO and the Information Security staff unit
IVVs: IT Support Units
- Decentralized IT services and first point of contact in the departments
- Responsible for administration in the departments
- Responsible for the computer workstations of the departments
-
The IVV 9 (also known as Service Desk or Service Competence Center) is to be mentioned separately. It is part of the CIT of the University of Münster and is responsible for the workstations of the central administration as well as for SAP and the campus management system.
CERT: Computer Emergency Response Team
- Central coordination point for IT security information, problems and incidents
- The goal of the CERT is to protect the University of Münster, its members and its infrastructure from careless or illegal use of its IP addresses and resources.
- The CERT supports university members in taking proactive measures to reduce the risk of IT security incidents and in responding to security incidents.
- The CERT's responsibilities include, among other things, analyzing and communicating the current threat and security situation, reviewing indications of security problems and security-related events, and processing and documenting security incidents.
What does the University of Münster do? (Technical Solutions)
The CIT of the University of Münster implements the security measures for central systems and for the network area. These include:
- Firewall and network security
- E-mail filtering
- Intrusion Prevention System (IPS)
- Backup of central network drives and systems
- Deployment and operation of anti-virus programs
IT Support Units (IVVs) provide decentralized security measures:
- Configuration of departmental end-user devices
- Installation and updating of software on departmental end devices
- Backup of own network drives and systems
Guidelines und Handouts
The following handouts and guidelines on information security have been passed at the University of Münster so far:
- Informationssicherheitsleitlinie der Universität Münster, Version 2.0.0 vom 02.08.2023 [de]
- Informationssicherheitsmanagementsystem (ISMS), Version 1.0.0 vom 03.08.2023 [de]
- Lenkung von Dokumenten, Version 2.1.0 vom 03.08.2023 [de]
- Handreichung zur Schutzbedarfsfeststellung, Version 2.0.0 vom 18.03.2024 [de]
- Sicherheitsrichtlinie Netz, Version 1.0.0 vom 08.08.2022 [de]
- Detektion und Behandlung von Sicherheitsvorfällen, Version 1.1.0 vom 27.09.2023 [de]
- Richtlinie zur Überprüfung und Verbesserung der Informationssicherheit, Version 1.2.0 vom 29.09.2023 [de]
- Konzept zur Informationssicherheits-Awareness, Version 1.0.0 vom 04.08.2023 [de]
-
Classification of informationen
In addition, the following handouts and guidelines for information security have been approved within the CIT at the University of Münster:
- Sicherer IT-Betrieb, Version 1.0.0 vom 15.08.2022 [de]
- Richtlinie zur Risikoanalyse, Version 1.1.0 vom 19.09.2022 [de]
- Protokollierung und zentrales Logging, Version 1.0.0 vom 02.08.2022 [de]
In addition, the following lists of technical and organizational measures (TOMs) have been compiled:
Further Information