Although some TUM processes are not yet managed digitally, the university must still process a large inventory of electronic information. The convenient modern communication methods for handling this data have meanwhile become an indispensable tool. But, these tools also harbor the risk of sensitive information falling into unauthorized hands.
The recommendations outlined here are designed to help assess which protective measures can be undertaken to counteract this danger.
First find out which data is being classified as confidential and how the individual classifications are defined: definition of confidential data
Below, you will find real scenarios with tips on what to consider from an IT security standpoint.
Neither the tips nor the scenarios outlined here are complete. New scenarios are added on a regular basis. We welcome you to submit suggestions at it-sicherheit(at)tum.de.
Do you handle student data - in other words personal information of students? If you do, it's imperative that you bear in mind the issue of data privacy. For centralized systems such as TUMonline or Moodle, data privacy requirements are managed centrally. This is not the case with decentralized systems and applications.
The office of the TUM data privacy representative has published a new brochure for precisely these situations. The brochure is designed for TUM employees who handle student data and in the process use decentralized systems or applications such as purchased software, proprietary or self-developed systems or external web services.
- Brochure "Erheben Sie Studierendendaten?" (German, PDF, 612 KB)
- Brochure "Do You handle student data?" (English, PDF, 466 KB)
The brochures also can be ordered as a paper version via the IT-Support: firstname.lastname@example.org
In addition, we have put together a list of trustworthy services suitable for integration into your website, or for managing communications and sharing files.