According to the requirements of the "VwV Informationssicherheit" of the state of Baden-Württemberg, the kiz (as well as the university as a whole) has the task of establishing an Information Security Management System (ISMS) in order to guarantee basic IT protection according to the recommendations of the BSI for its central and mission-critical systems. The ISMS at the kiz is part of the service management based on the ITIL process model. The kiz has appointed two Information Security Officers (ISO) to implement the security concept, to comply with security guidelines and to organize and design the underlying security processes in its services and internal operational processes.
Due to the size and decentralised structure of the university, the IT managers of the various departments (e.g. in institutes, faculties, other operating facilities) are also obliged to take appropriate protection and awareness measures for the IT systems they operate and how to deal with them. The University has appointed a Chief Information Security Officer (CISO) as the main contact for all issues relating to information security. He is responsible for the strategic orientation of information security, controls and coordinates the information security process, among other things, and is responsible for implementing the central protection goals. The CISO also coordinates the preparation of an information security concept and other sub-concepts and guidelines.
The kiz and the CISO work closely together. The kiz explicitly provides the university with a number of services relating to IT security and provides a collection of best practice guides and instructions for security-conscious handling of IT applications. However, the content is oriented towards the use of the service portfolio of the kiz. The CISO is responsible for the recommendations, specifications, guidelines and questions on information security in the general context.
As a first step towards institutional anchoring, the Presidential Board of the University of Ulm has adopted a guideline on information security (PDF), which came into force on October 6, 2020. This guideline defines the goals, principles and organization for the information security process (see diagram). The guideline is the basis for the information security concept of the university and the derivation of concrete security guidelines.
Information Security at kiz
Guido A. Hölting & Florian P. Böck Information Security Officers (ISO) Phone: +49 (0) 731 / 50 - 30300 Email: kiz(at)uni-ulm.de