Infor­ma­tion security

Fore­word

The perfor­mance of the Univer­sity of Applied Sciences Schwä­bisch Gmünd in the areas of rese­arch, teaching and admi­nis­tra­tion depends on the secu­rity and avai­la­bi­lity of the tech­nical infra­st­ruc­ture. Due to the incre­a­sing number of internal and external attacks on the IT infra­st­ruc­ture, taking measures to secure the infra­st­ruc­ture has top priority.

Scope

This guide­line applies to all faci­li­ties of the Univer­sity of Applied Sciences Schwä­bisch Gmünd, the entire IT infra­st­ruc­ture inclu­ding the IT systems operated by the study programmes, the central faci­li­ties and all equip­ment connected to the HfG network and all members, rela­tives and guests of the Univer­sity of Applied Sciences Schwä­bisch Gmünd.

Content and objec­tives of the Infor­ma­tion Secu­rity Guideline

Due to the steady increase in infor­ma­tion tech­no­logy (IT) in higher educa­tion, it has taken on a key role in the fulfilment of tasks. Today, it is no longer possible to perform tasks without IT in any area. There­fore, secure infor­ma­tion and commu­ni­ca­tion tech­no­logy is of utmost impor­t­ance. The guide­line defines objec­tives for secure opera­tion and hand­ling in the collec­tion, storage, reco­very, trans­mis­sion and use of data, as well as the protec­tion of the confi­den­tia­lity and avai­la­bi­lity of information.

Infor­ma­tion Security

Infor­ma­tion secu­rity includes all necessary orga­niz­a­tional and tech­nical measures to achieve or main­tain a high level of secu­rity of IT services and to comply with legal requirements.

The IT depart­ment must be involved in all projects at an early stage in order to take secu­rity-rele­vant aspects into account as early as the plan­ning phase. If personal data are affected, the data protec­tion officer for aspects of data protec­tion must be involved.

The overall concept of infor­ma­tion secu­rity is regu­larly reviewed for its topi­ca­lity, appro­pria­teness and effec­ti­ve­ness. The Recto­rate supports the conti­nuous impro­ve­ment of the secu­rity level. Univer­sity staff members are required to report possible impro­ve­ments or weak­nesses to the rele­vant departments.

When using and intro­du­cing IT proce­dures, data secu­rity concerns must be checked and docu­mented. Systems are to be selected and confi­gured in such a way that the safest possible opera­tion is guaran­teed (secu­rity by design), e.g. by auto­mated updates of devices or secu­ring the networks against unaut­ho­rised access. Autho­ri­sa­tion and authen­ti­ca­tion is required for data storage, espe­cially in the case of personal data. In the case of the indis­pensable backup of data, a multi-level read-only or external data versio­ning should ensure that previous data statuses can be restored unch­anged. Data storage and backup systems shall be encrypted as far as possible.

Trai­ning and regular infor­ma­tion on secu­rity-rele­vant inci­dents or attacks and beha­vioural measures should raise awareness of aspects of data secu­rity and data protection.

Infor­ma­tion Secu­rity Officer (Chief Infor­ma­tion Secu­rity Officer, CISO)

The Infor­ma­tion Secu­rity Officer is appointed by the Recto­rate of the Univer­sity of Applied Sciences Schwä­bisch Gmünd and is respon­sible for the plan­ning, coor­di­na­tion and imple­men­ta­tion of measures to guarantee the protec­tion goals.

The overall respon­si­bi­lity for infor­ma­tion secu­rity lies with the Rector of the Univer­sity of Applied Sciences Schwä­bisch Gmünd.

Hoch­schule für Gestal­tung
Schwä­bisch Gmünd
Univer­sity of Applied Sciences
Rector-Klauss-Str. 100
73525 Schwä­bisch Gmünd