IT security at ETH Zurich
At IT Services, IT security is an integral part of the overall lifecycle of a service – from the specification to the decommissioning.
IT security is varied and interdisciplinary. The expertise required ranges from raising awareness, communications in software development, project management, system hardening and operations through to security monitoring and incident management. The successful implementation of IT security can’t come from an ivory tower, but must rather be integrated into the day-to-day processes of all IT platforms and teams. This is the challenge that IT Services is tackling with the ITS security organisation.
IT security delegates
We have appointed „security delegates“ from all ITS sections. Thus, for example, there are security delegates for Windows services, messaging, printing, high-performance computing or client delivery. The delegates are conveyors of knowledge and the first port of call for all questions relating to IT security. Their task is to ensure that IT security aspects are taken into consideration and implemented within their areas of responsibility.
The security delegates know their areas of responsibility first-hand since, as before, they work primarily within their specialized teams as system engineers or service or process managers. This integral approach means that IT security is implemented pragmatically and in accordance with current „good practices“. Short channels permit rapid reactions in an emergency.
And what if something happens?
If something goes wrong, for example if users click on the URL in a phishing mail and enter their password into a malicious website, it’s important to react quickly before attackers can cause any greater damage.
Discovering and dealing with incidents promptly is a crucial pillar in every IT security blueprint. Hence within ETH Zurich, the Network Security Group (NSG), which is part of IT Services, has been entrusted with security monitoring of the network traffic. The tireless efforts of the group pay off because time and again the NSG is able to identify and deal with incidents. Alongside the security delegates, the NSG is therefore a crucial part of the ITS security organisation.
Integral, interdisciplinary and coordinated
The ITS security organisation is managed on the technical side by the Chief IT Security Officer of IT Services, Anja Harder. She coordinates the work of the security delegates across all of the specialist teams and is responsible for the IT security projects of ITS, such as the planned introduction of services for email signing and encryption, as well as two-factor authentication.
Support for all
With the ITS security organisation, we are well positioned to tackle the challenges of IT security.
We will be delighted to help you further: with advice on IT security topics or with technical audits of the IT security in your system environment.
Anja Harder, Chief IT Security Officer for IT Services, ITS Management, email@example.com