IT Security Policy

Many problems with IT security are based on a lack of organisation. A central point of this topic is to decide who works on the related topics around IT security and who is responsible for IT security.

For motivation reasons you can find my talk for the university senate here and further informations in the related chapter 3.0 IT Security Management in the IT-Baseline Protection Manual from the Federal Office for Information Security (BSI)

There is also a position paper from the BSI about IT Security at universities.

On 13th february 2004, the university senate passed a IT Security Policy for the Technical University Hamburg-Harburg.

Certainly, the realisation of the IT Security Policy is not possible from one day to the other. The policy rather is at the beginning of a continuous IT security process.

The next required step will be to qualify and train the employees who will later become the decentral IT security officer. When the RZ offers these advanced trainig courses, we will ask the direcors of the research departments to tell us the names of the future IT security officer.