Centralized IT security reporting
Following a decision by the TUM Board of Management, IT security-relevant incidents and vulnerabilities should be centrally documented and coordinated at TUM. A centralized IT security reporting system was introduced, as a result.
Reporting all IT security-relevant incidents and vulnerabilities
All IT security-relevant incidents and vulnerabilities should be reported directly to
it-sicherheit(at)tum.de or (anonymous) via https://meldeplattform.tum.de/
Examples of reportable incidents
Reportable incidents include:
- Loss of electronic devices containing sensitive data
- Hacker attacks directed at the TUM IT systems
- Propagation of malware through IT systems operated by TUM
- Compromise of access data
- Security-critical vulnerabilities in devices and IT systems
Documentation and risk detection
The reporting system is designed primarily to document and uncover vulnerabilities within the TUM IT infrastructure. It's a necessary tool for detecting risks. As a result, it serves as a mechanism for warning other units that might also be impacted and for suggesting preventive measures.
Reporting system confidentiality
Security incidents reported to the above email addresses will be treated confidentially. Access is restricted to a very small group of people in the IT Service Center (including the CIO). Measures that result from the reports will be implemented without naming the unit or person submitting the report. This confidentiality applies to any statistics and reports produced by the system.