Recommendations & Guidelines

Information security is a complex topic in which technical and organizational measures must be applied equally to achieve sufficient protection for the entire organization. To make this somewhat easier for you, we provide a series of guidelines and guides here. They have been developed from relevant recommendations, e.g. those of the BSI, and from the exchange with other information security officers in the state of Baden-Württemberg.

These guides will be updated and extended.

Despite all efforts to ensure secure operation and careful use of IT, critical incidents cannot be ruled out. All operators of IT systems at the university should prepare for such emergencies by taking appropriate organizational and technical measures. In the event of an emergency, appropriate documentation should be available (also offline) to achieve the following goals, among others:

  • Initiate immediate measures
  • Stop the spread of damage
  • Reach important contact persons by telephone
  • Comply with legally required reporting channels and deadlines
  • Secure evidence for later processing and, if necessary, criminal prosecution

The BSI and the Alliance for Cybersecurity provide handouts for this purpose, which can already be used to set up a basic emergency management system. The BSI's IT emergency card can also be useful. It describes the most important rules of conduct for end users in the event of IT emergencies so that panicked actions do not increase the damage (all documents are available only in German).

Warning of increased cyber attacks

It is becoming apparent that the current Covid-19 emergency situation of authorities, universities and companies is increasingly being exploited by cybercriminals (see BSI information). In particular, the massive expansion of teleworking, with hastily set up devices and access to the corporate or government network, is problematic in this context. At present, phishing attacks, i.e. e-mails intended to trick users into entering sensitive access data, are particularly noticeable. You may also receive e-mails with supposedly serious information or offers that are precisely tailored to the current emergency situation and the many challenges we face. The kiz can provide technical solutions for many problems, but unfortunately not for "social engineering".

Therefore our urgent appeal: Be attentive, and when in doubt immediately delete any e-mail that seems suspicious to you or offers unexpected help in the current situation. If necessary, ask the alleged sender whether they really sent you the e-mail. Try not to use links that are sent to you in an e-mail, or at least check in the plain text view of your e-mail program where the link actually leads. With a few basic rules and increased vigilance you can already minimize many risks.

Communication and Information Centre (kiz)
