Information Security Concept
According to the requirements of the "VwV Informationssicherheit" of the state of Baden-Württemberg, the kiz (as well as the university as a whole) has the task of establishing an Information Security Management System (ISMS) in order to guarantee basic IT protection according to the recommendations of the BSI for its central and mission-critical systems. The ISMS at the kiz is part of the service management based on the ITIL process model. The kiz has appointed two Information Security Officers (ISO) to implement the security concept, to comply with security guidelines and to organize and design the underlying security processes in its services and internal operational processes.
Due to the size and decentralised structure of the university, the IT managers of the various departments (e.g. in institutes, faculties, other operating facilities) are also obliged to take appropriate protection and awareness measures for the IT systems they operate and how to deal with them. The University has appointed a Chief Information Security Officer (CISO) as the main contact for all issues relating to information security. He is responsible for the strategic orientation of information security, controls and coordinates the information security process, among other things, and is responsible for implementing the central protection goals. The CISO also coordinates the preparation of an information security concept and other sub-concepts and guidelines.
The kiz and the CISO work closely together. The kiz explicitly provides the university with a number of services relating to IT security and provides a collection of best practice guides and instructions for security-conscious handling of IT applications. However, the content is oriented towards the use of the service portfolio of the kiz. The CISO is responsible for the recommendations, specifications, guidelines and questions on information security in the general context.