Security
Information security is the protection of information, whether digital, physical or on paper, from unauthorized access, loss or manipulation. The aim is to minimize risks such as data abuse, financial losses or damage to the image of the University. This not only involves technical systems, but also organizational measures such as guidelines, processes and training that ensure information is handled properly.
The CIA targets for protecting information security are explained in a brief video based on ISO 27001.
To the videoOrganization
FAU is expanding its information security and has created the function of Chief Information Security Officer (CISO) and has set up a Security Operations Center (SOC). Erlangen Regional Computing Center is responsible for designing and implementing the technical and organizational security measures of central IT systems. The introduction of CISO and SOC is in line with international recommendations such as ISO/IEC 27001 and BSI IT baseline protection and serves to strengthen existing structures by means of independent monitoring and additional expertise.
In addition, information security is not only the responsibility of the CISO, the Computing Center or other organizational units, but rather each and every member of FAU can and should do their bit. The protection of information depends to a significant extent on the responsible behavior of all users.
Chief Information Security Officer (CISO)
At FAU, the creation of the role of Chief Information Security Officer (CISO) means that there is a central point of contact for all aspects of information security. Professor Dr.-Ing. Michael Tielemann was appointed FAU’s Chief Information Security Officer (CISO) in February 2022 and is responsible for ensuring and continuously improving information security at FAU. His main responsibilities include protection against threats, avoiding damage and minimizing risk. In his role, he advises the Executive Board and exercises the powers assigned to him by the Executive Board in the area of information security.
CISO consultation sessions take place every Thursday at 10am. Questions are not only permitted, they are encouraged.
-
01Oct10:00 – 11:30
-
05Nov10:00 – 11:30
-
03Dec10:00 – 11:30
The slides from previous consultations are available to download below:
Email signature:
An email signature is essential for securely authenticating the sender. It ensures the authenticity and integrity of messages by enabling phishing mails to be identified easily, for example. This significantly reduces the risk of data protection breaches and is crucial for information security. The use of an email certificate is therefore strongly recommended by the CISO for all FAU members.
Further information:
Step-by-step instructions for using OpenPGP and S/MIME
Instruction video about S/MIME from the CIO Office (internal)
Be wary and ask questions
Information about use within University Administration (internal)
Security Operations Center (SOC)
The purpose of the Security Operations Center (SOC) is to improve the University’s information security measures by centrally coordinating all relevant technologies and operations for the prevention, detection, reaction and defense of threats. The SOC is currently being set up and is working closely with the Regional Computing Center in order to continuously improve the security of IT infrastructure at FAU together.
Contact: soc@fau.de
Currently, the SOC’s work is divided into the following areas:
Awareness management involves developing measures aimed at increasing awareness for information security. These measures must be presented in such a way that they are easy to understand and appealing for all members of the University – for both employees and students. The awareness of FAU members must be raised so that they can identify risks and know what to do in situations that are critical to security as well as know their responsibilities regarding information security. Because “well informed people are the best firewall”.
IT risk management at SOC aims to systematically identify assets that need to be protected, record and evaluate potential risks and continuously analyze existing security measures and optimize them if required. The SOC’s processes are guided by the standards of the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik – BSI) and it works closely with the department for internal control systems as well as with operational and strategic management at the Chancellor’s Office/Organizational Development. Working together in this way enables us to establish a holistic and continuous risk management process at FAU.
Tool in use: GRC tool
The management of vulnerabilities focuses on preventing cyber attacks by making a decisive contribution to reducing the susceptibility of IT systems to attack. While FAU’s infrastructure was confronted by a higher risk due to the large number of critical vulnerabilities in Internet systems at the beginning of 2023, the introduction of vulnerability management during the last two years has almost completely eliminated the entry points identified as critical. With this in mind, managing vulnerabilities not only ensures that systems that can be accessed publicly are permanently scanned for any vulnerabilities, but also that these vulnerabilities are eliminated quickly and in a controlled manner according to criticality.
Tools in use: Vulnerability scanner, darknet analysis
FAU’s incident and emergency management strategy aims to minimize the effects of cyber attacks on its IT infrastructure as far as possible and to restore systems affected and processes as quickly as possible. Security incidents are recorded systematically, analyzed and quickly contained in order to minimize damage and to develop preventive measures.
If necessary, the status of incidents is escalated from incident and major incident to IT crisis. The steps required are planned, prepared and supported with suitable tools so that they can be implemented as quickly as possible in an emergency. Regular emergency drills and preventive measures ensure the continuity of operations to the greatest extent possible.
In implementation: SIEM/IDS