The organisational structure is defined in the Regulations on IT Governance at the University of Münster.

CISO: Chief Information Security Officer

• controls and coordinates the security process
• establishes an information security management system (ISMS) at the University in accordance with the IT-Grundschutz methodology of the German Federal Office for Information Security (BSI)
• prepares security concepts and coordinates their implementation

Information Security Office

• managed by the CISO
• supports the CISO in all activities
• addresses issues of security awareness and oversees the creation of guidelines and concepts

IT Security Department of the CIT of the University of Münster

• responsible for the operational implementation of security concepts and measures at the CIT of the University of Münster
• develops and implements awareness and training measures
• works closely with the CISO and the Information Security staff unit

IT Support Units (IVVs)

• decentralised IT services and first point of contact in the faculties
• responsible for administration in the faculties
• responsible for the computer workstations in the faculties

• IVV 9 (also known as the Service Desk or Service Competence Center) is a separate, but CIT-affiliated support unit responsible for the workstations of the central administration as well as for SAP and the campus management system (CMS)

Computer Emergency Response Team (CERT)

• central coordination point for IT security information, problems and incidents
• protects the University, its members and infrastructure from careless or illegal use of its IP addresses and resources
• supports University members in taking proactive measures that reduce the risk of IT security incidents and in responding to security incidents
• analyzes and communicates current threats and the security situation, monitors indications of security problems and security-related events, and processes and documents security incidents

The CIT implements security measures for the central systems and the network area of the University of Münster. These include:

• firewall and network security
• email filtering
• Intrusion Prevention System (IPS)
• backup of central network drives and systems
• deployment and operation of anti-virus programs

IT Support Units (IVVs) provide decentralised security measures:

• configuration of departmental end-user devices
• installation and updating of software on departmental end devices
• backup of own network drives and systems

All guidelines, policies and handouts on information security that are currently in place at the University of Münster, can be found here.

• Federal Office for Information Security (BSI)