The IT security department of the CIT is responsible for the coordination and operational implementation of IT-security-related measures at the University of Münster. Within the CIT, the IT security department advises the management on topics related to IT security, accompanies new projects with a focus on security aspects, and provides support to employees in all questions related to information security.
Monitoring, Auditing and Certification
The department is responsible for monitoring the IT security as well as for auditing and certification (e.g., "ISO 27001-Zertifikat auf der Basis von IT-Grundschutz"). In this context, it also operates and develops the SecDoc tool for documenting IT security concepts. The tool is based on the baseline protection method of the Federal Office for Information Security (BSI). In addition, the department supports users in the utilization of the tool.
Realization of Awareness Measures
The University of Münster understands IT and information security as a collective task for everyone. The department therefore aims to establish IT security as an enabling factor in the everyday study and work life of all members of the university. Accordingly, the topic of IT security awareness has a particularly high priority and is worked on cooperatively by the IT security department and the Information Security Office. The common leitmotif "See-Protect-React" serves as a structural and communication element to create a stronger awareness for information and IT security. It is intended to enable students and employees to reach the responsible support members for their security issues, to act as independently and proactively as possible, and to react correctly in the event of a security incident.
The IT security department provides training courses on IT security within the university and offers various materials for information and implementation of IT security measures. It also acts as a central communication point for informing employees and students at the University of Münster in the event of security-related changes affecting the IT infrastructure.
Support in Case of Security Incidents
Assistance regarding proactive measures to reduce the risk of IT security incidents, as well as responding to security incidents, is available to university employees through the CERT (Computer Emergency Response Team). It is the central coordination point for IT security information, issues, and incidents. The goal of the CERT is to protect the university, its members, and its infrastructure from negligent or illegal use of its IP addresses and resources (e.g., cyberattacks).
Support and Consulting
Users can receive advice and support on IT security topics from various departments of the CIT. The Service Competence Center (former IVV9) responds to requests from employees of the university administration. The IT hotline is the first point of contact for students' requests. It answers inquiries about security aspects as well as provides assistance on the implementation of security measures.
Cooperation with other Institutions
For the IT security department, cooperation across departments and institutions is of the highest value, as it is the only way to address the many different aspects of IT security and deal with them individually. In particular, the IT security department maintains close contact with the Information Security Office and its head, the Chief Information Security Officer (CISO). The department reports regularly to the CISO on operational measures relating to IT security and receives feedback on aspects of implementation from the Information Security Office. There is also a continuous exchange of information on the progress and problems relating to the establishment of an Information Security Management System (ISMS) in accordance with the baseline protection method of the Federal Office for Information Security (BSI).