Who does what?
The organisational structure is defined in the Regulations on IT Governance at the University of Münster.
CISO: Chief Information Security Officer
- controls and coordinates the security process
- establishes an information security management system (ISMS) at the University in accordance with the IT-Grundschutz methodology of the German Federal Office for Information Security (BSI)
- prepares security concepts and coordinates their implementation
Information Security Office
- managed by the CISO
- supports the CISO in all activities
- addresses issues of security awareness and oversees the creation of guidelines and concepts
IT Security Department of the CIT of the University of Münster
- responsible for the operational implementation of security concepts and measures at the CIT of the University of Münster
- develops and implements awareness and training measures
- works closely with the CISO and the Information Security staff unit
IT Support Units (IVVs)
- decentralised IT services and first point of contact in the faculties
- responsible for administration in the faculties
- responsible for the computer workstations in the faculties
-
IVV 9 (also known as the Service Desk or Service Competence Center) is a separate, but CIT-affiliated support unit responsible for the workstations of the central administration as well as for SAP and the campus management system (CMS)
Computer Emergency Response Team (CERT)
- central coordination point for IT security information, problems and incidents
- protects the University, its members and infrastructure from careless or illegal use of its IP addresses and resources
- supports University members in taking proactive measures that reduce the risk of IT security incidents and in responding to security incidents
- analyzes and communicates current threats and the security situation, monitors indications of security problems and security-related events, and processes and documents security incidents
What does the University of Münster do? (technical solutions)
The CIT implements security measures for the central systems and the network area of the University of Münster. These include:
- firewall and network security
- email filtering
- Intrusion Prevention System (IPS)
- backup of central network drives and systems
- deployment and operation of anti-virus programs
IT Support Units (IVVs) provide decentralised security measures:
- configuration of departmental end-user devices
- installation and updating of software on departmental end devices
- backup of own network drives and systems
Guidelines, policies and handouts
The following guidelines, policies and handouts on information security are currently in place at the University of Münster:
- Information security guidelines of the University of Münster, v. 2.0.0, 2 Aug. 2023 [de]
- Information security management system (ISMS), v. 1.0.0, 3 Aug. 2023 [de]
- Document management guidelines, v. 2.2.0, 13 Aug. 2024 [de]
- Information on assessing protection requirements, v. 2.1.2, 11 June 2024 [de]
- Network security guidelines, v. 1.1.0, 19 Aug. 2024 [de]
- Detection and mitigation of security incidents, v. 1.1.0, 27 Sep. 2023 [de]
- Guidelines on reviewing and improving information security, v. 1.2.0, 29 Sep. 2023 [de]
- Concept paper on information security awareness, v. 1.0.0, 4 Aug. 2023 [de]
-
Classification of information
-
Guidelines on ISMS risk analysis v. 2.0.0, 10 Jun. 2024 [de]
In addition, the following handouts and guidelines on information security are currently in place at the CIT:
- Safer IT operation, v. 1.3.0, 28 Aug. 2024 [de]
- Protocolling and central logging, v. 1.0.0, 2 Aug. 2022 [de]
The CIT has also compiled the following lists of technical and organisational measures (TOMs):
Further information