TUM Board of Management decision on the introduction of a centralized IT security reporting system
Resolutions from the TUM Board of Management meeting on April 3, 2015
Topic
IT security at TUM: introduction of a centralized system for reporting security incidents and vulnerabilities within the IT system.
Background
Background TUM has no centralized system for documenting and managing security incidents and vulnerabilities within the university's IT infrastructure. This also applies to lost/misplaced electronic devices containing confidential information.
Resolution
The IT Service Center is directed to implement a centralized reporting system for IT security issues through the central IT Support desk and to update the CIO on a regular basis with respect to security incidents and vulnerabilities. Severe security issues are to be reported immediately to the CIO. When required, the CIO will inform and involve the TUM Board of Management, the data protection official, the IT security officer and the employee council.
TUM employees and members will be instructed to report all known IT security incidents and vulnerabilities, which include but are not limited to:
- Loss/misplacement of electronic devices containing confidential information
- Hacker attacks affecting the TUM IT system
- Dissemination of malware through IT systems operated by TUM
- Compromised access data
- Vulnerabilities of devices and systems currently in use within the TUM IT system
The IT Service Center will launch an information campaign to raise IT security awareness among members of the university. The IT Service Center will furthermore establish a centralized help desk for restoring service after outages caused by security incidents. This service will also be available to decentralized units.
Unanimously approved on 03.04.2015
W.A. Herrmann, A. Berger, H. Keidel, R. Keller, L. Meng, T. Hofmann, H. Pongratz
Implementation and reporting: SVP Pongratz