When talking about cyber safety, various terms are used synonymously and interchangeably. These terms are explained below.
In short, cyber safety means being secure online. The online environment is rife with threats to our safety and security. Naturally, we wish to mitigate these threats where possible, not only as an organization but also in our individual capacities. These threats include anything that can pose a risk, e.g. a publicly accessible internet connection, phishing emails, suspicious links, downloadable documents or apps. Cyber safety helps to avoid those risks but also helps to protect against their consequences, because it is impossible to avoid all hazards. Even when someone complies with all customary security requirements, they could still become the target of an attack.
Taken literally, information security means securing information or data, such as research data or personal data. Information is increasingly being stored digitally in information systems, apps or websites. However, non-digital information also forms part of information security. This website is about information security in a broad sense of the word, with an emphasis on cyber safety.
Working safely online is the responsibility of everyone at the UT, but there are also a number of specific roles in the field of information security. These roles are assigned to the following (groups of) employees.
The Computer Emergency Response Team of the University consists of IT professionals from LISA. They investigate all reports in the field of computer security and privacy and engage the necessary (technical) specialists to solve the incident. When a report has a privacy aspect, CERT-UT works directly with the FG team. Incidents relating to employees' workplaces or devices are relayed to the LISA ICT service desk. For reports about workplaces or devices of students, CERT-UT contacts the SNT helpdesk.
CERT-UT also maintains contacts with teams from other educational institutions and with SURFcert, SURF's overarching, coordinating team.
Information Security Officer
The Information Security Officer (ISO) is part of University Information Management (which in turn is part of Strategy & Policy) and functions on a strategic and tactical level. The ISO, together with the Head of Information Management, advises the Executive Board. The ISO formulates the information security policy and assists in translating it correctly to the institutional components. In addition, the ISO monitors uniform compliance with the policy and reports on gaps, inconsistencies and shortcomings.
IT Security Manager
The IT Security Manager is part of LISA and plays an important role in translating the strategy and policies into tactical (and operational) plans. He does this in consultation with the Information Security Officer.
The IT Security Manager is the coordinator of CERT-UT. He also advises on specific information security measures in projects, varying from standing projects to acquisitions of, for example, software or hardware. Every quarter a management report is drawn up for the LISA Management team, the Information Security Officer, the Head of Information Management and the Executive Board.
In addition, the IT Security Manager is the point of contact for HR when conducting crisis exercises at the UT if they contain an IT component.
The ICT Service Desk is part of LISA and is the first point of contact for incidents that are not related to security or privacy. If an incident reported to the ICT Service Desk appears to contain one of these components, the service desk will contact CERT-UT.