Centralized IT security reporting

Following a decision by the TUM Board of Management, IT security-relevant incidents and vulnerabilities should be centrally documented and coordinated at TUM. A centralized IT security reporting system was introduced, as a result.

Reporting all IT security-relevant incidents and vulnerabilities

All IT security-relevant incidents and vulnerabilities should be reported directly to

it-sicherheit(at)tum.de or (anonymous) via https://meldeplattform.tum.de/

Examples of reportable incidents

Reportable incidents include:

  • Loss of electronic devices containing sensitive data
  • Hacker attacks directed at the TUM IT systems
  • Propagation of malware through IT systems operated by TUM
  • Compromise of access data
  • Security-critical vulnerabilities in devices and IT systems

Documentation and risk detection

The reporting system is designed primarily to document and uncover vulnerabilities within the TUM IT infrastructure. It's a necessary tool for detecting risks. As a result, it serves as a mechanism for warning other units that might also be impacted and for suggesting preventive measures.

Reporting system confidentiality

Security incidents reported to the above email addresses will be treated confidentially. Access is restricted to a very small group of people in the IT Service Center (including the CIO). Measures that result from the reports will be implemented without naming the unit or person submitting the report. This confidentiality applies to any statistics and reports produced by the system.