The performance of the University of Applied Sciences Schwäbisch Gmünd in the areas of research, teaching and administration depends on the security and availability of the technical infrastructure. Due to the increasing number of internal and external attacks on the IT infrastructure, taking measures to secure the infrastructure has top priority.
This guideline applies to all facilities of the University of Applied Sciences Schwäbisch Gmünd, the entire IT infrastructure including the IT systems operated by the study programmes, the central facilities and all equipment connected to the HfG network and all members, relatives and guests of the University of Applied Sciences Schwäbisch Gmünd.
Content and objectives of the Information Security Guideline
Due to the steady increase in information technology (IT) in higher education, it has taken on a key role in the fulfilment of tasks. Today, it is no longer possible to perform tasks without IT in any area. Therefore, secure information and communication technology is of utmost importance. The guideline defines objectives for secure operation and handling in the collection, storage, recovery, transmission and use of data, as well as the protection of the confidentiality and availability of information.
Information security includes all necessary organizational and technical measures to achieve or maintain a high level of security of IT services and to comply with legal requirements.
The IT department must be involved in all projects at an early stage in order to take security-relevant aspects into account as early as the planning phase. If personal data are affected, the data protection officer for aspects of data protection must be involved.
The overall concept of information security is regularly reviewed for its topicality, appropriateness and effectiveness. The Rectorate supports the continuous improvement of the security level. University staff members are required to report possible improvements or weaknesses to the relevant departments.
When using and introducing IT procedures, data security concerns must be checked and documented. Systems are to be selected and configured in such a way that the safest possible operation is guaranteed (security by design), e.g. by automated updates of devices or securing the networks against unauthorised access. Authorisation and authentication is required for data storage, especially in the case of personal data. In the case of the indispensable backup of data, a multi-level read-only or external data versioning should ensure that previous data statuses can be restored unchanged. Data storage and backup systems shall be encrypted as far as possible.
Training and regular information on security-relevant incidents or attacks and behavioural measures should raise awareness of aspects of data security and data protection.
Information Security Officer (Chief Information Security Officer, CISO)
The Information Security Officer is appointed by the Rectorate of the University of Applied Sciences Schwäbisch Gmünd and is responsible for the planning, coordination and implementation of measures to guarantee the protection goals.
The overall responsibility for information security lies with the Rector of the University of Applied Sciences Schwäbisch Gmünd.
Hochschule für Gestaltung
University of Applied Sciences
73525 Schwäbisch Gmünd