The aim of the information security policy at the UT is to guarantee the continuity of business operations and to minimize any damage caused, through preventing security incidents and minimizing any consequences.
Principles
Information security is a line responsibility: this means that line managers (departmental heads) bear primary responsibility for good information security in their department/unit. This includes the choice of measures and their implementation and enforcement.
Information security is everyone's responsibility. Explain to employees, students, lecturers, and third parties that they are expected to actively contribute to the security of automated systems and the information stored there. This can be done in the appointment letter, during performance reviews, through an institution-wide code of conduct, periodic awareness-raising campaigns, etc. The imposition of sanctions after infringements ensures the credibility of the system. To support this, several user policies and codes of conduct are available.
Policy
The information security policy forms the basis for the approach to information security within the institution. The information security policy defines the framework conditions and principles and the way in which the policy is translated into concrete measures. To ensure that the policy is supported within the organization and that the organization acts accordingly, it is promoted by (or on behalf of) the Executive Board. The information security policy is drawn up by University Information Management and determined by the Executive Board.
Roles
The Information Security Officer is a role on a strategic (and tactical) level within University Information Management. Together with LISA, UIM provides advice to the Executive Board. The Security Officer monitors uniformity within the institution. The Security Manager is an officer at LISA and plays a role in translating the strategy into tactical (and operational) plans. For the sake of uniformity, the officer does this together with the Information Security Officer, the system owners, and the faculty information managers.
For more practical information about IT security, visit the Cyber safety website.