Recommendations & Guidelines
Information security is a complex topic in which technical and organizational measures must be applied equally to achieve sufficient protection for the entire organization. To make this somewhat easier for you, we provide here a series of guidelines and guides that have been developed from corresponding recommendations, e.g. those of the BSI, and from the exchange with other information security officers in the state of Baden-Württemberg.
- Guideline passwords
- Guideline password management with KeePass
- Guideline for safe home office
- Guide for safe handling of e-mails
- Mozilla Thunderbird Guide
- Recognize official e-mails
- IT Systems Guide
- Windows 10 Guide
- Virus Infestation Procedure Guide
These guides will be updated and extended.
Despite all efforts to ensure secure operation and sensitive use of IT, critical incidents cannot be ruled out. All operators of IT systems at the university should prepare for such emergencies by taking appropriate organizational and technical measures. In the event of an emergency, appropriate documentation should be available (also offline) to achieve the following goals, among others:
- Initiate immediate measures
- Stop the spread of damage
- Reach important contact persons by telephone
- Comply with legally required reporting channels and deadlines
- Secure evidence for later processing and, if necessary, criminal prosecution
The BSI and the Alliance for Cybersecurity provide handouts for this purpose, which can already be used to set up a basic emergency management system. The BSI's IT emergency card can also be useful. It describes the most important rules of conduct for end users in the event of IT emergencies so that panic-like actions do not increase the damage (all documents are available only in German):
- IT emergency card (PDF) to print out and post, e.g., on bulletin boards, in offices, etc.
- Catalog of measures for emergency management (PDF)
- The TOP 12 measures to take in the event of cyber attacks (PDF)
- Also recommended for preparation: Set up emergency communication with Zoom
Communication and Information Centre (kiz)
Awareness raising
The Security-Usability-Society (SECUSO) research group at KIT has developed training videos on how to recognise and deal with phishing emails. The videos are about 5 minutes long and include a general introduction, the most important rules for recognising fraudulent messages and illustrative examples.
The University of Mannheim has produced a six-part podcast series in cooperation with an agency. Embedded in a radio play, listeners learn more about various dangers in the IT sector and receive tips on how to deal with security problems.