{"id":1647,"date":"2019-06-18T16:13:55","date_gmt":"2019-06-18T14:13:55","guid":{"rendered":"https:\/\/wpethzprd.ethz.ch\/its\/?p=1647"},"modified":"2019-06-18T16:13:57","modified_gmt":"2019-06-18T14:13:57","slug":"new-ciso-at-eth-zurich","status":"publish","type":"post","link":"https:\/\/blogs.ethz.ch\/its\/2019\/06\/18\/new-ciso-at-eth-zurich\/","title":{"rendered":"New CISO at ETH Zurich"},"content":{"rendered":"\n

Dr. Domenico Salvati is the new CISO at ETH Zurich.<\/p>\n\n\n\n

Domenico Salvati has been working as CISO (Chief Information Security Officer) at ETH Zurich since the beginning of April 2019. The role of the CISO has existed at ETH for some time now, and was hitherto carried out by the Head of IT Services, Dr. Rui Brandao. With the entry into force of the directive «Information Security at ETH Zurich» (around April 2018) it became clear that the tasks, rights and duties of the CISO as specified would exceed the time budget of the Head of IT Services<\/p>\n\n\n\n\n\n\n\n

Domenico Salvati: Career Path<\/h2>\n\n\n\n
\"Domenico
Domenico Salvati: new CISO at ETH Zurich<\/em><\/figcaption><\/figure>\n\n\n\n

For Domenico Salvati, Information Security has played a central role in his professional career. His interest in information security began towards the end of his studies in information systems at the University of Zurich, where he wrote his degree dissertation on «Organisational Aspects of Information Security». The final year paper opened the way to his first employment with a large audit firm, where he gained initial experience in the Computer Risk Management Group. He gained further experience on the staff of the CIO at a medium-sized Swiss bank, and this led to him being hired by a major Swiss bank, where he held various roles in the field of information security. The bank later offered him the opportunity to work part-time with its support in order to write a dissertation entitled «Management of Information System Risks».\u00a0 Domenico Salvati then went from the banking world to a job with a major Swiss health insurer, where he served as Corporate Risk Manager.<\/p>\n\n\n\n

What is information security and what does a CISO do?<\/h2>\n\n\n\n

Information security «wants» to\nensure that confidential information remains confidential, that information is\nnot unintentionally and erroneously altered (information and integrity), and\nthat information is available when needed. In many cases, the above-mentioned\nrequirements for the protection of information also stipulate verification\nand\/or traceability, which are particularly important when someone wants to\nmake a payment via e-banking, and prove retrospectively that the payment was\nactually triggered. The «information» part of the term\n«information security» should also indicate that this protection\nshould not be limited to the IT resources of ETH Zurich, but also applies, for\nexample, to information written on paper, and even to the spoken word.<\/p>\n\n\n\n

The ETH Zurich CISO now essentially implements the above-mentioned directive, «Information Security at ETH Zurich» and is the central point of contact for all units (central bodies, departments, and their institutes, as well as teaching and research institutions outside the departments) for all information security issues. It is also important in this context to adhere to the rules of conduct specified in the «ETH Zurich Acceptable Use Policy for Information and Communications Technology (BOT)». In view of the size and complexity of ETH Zurich and the great variety of tasks involved in the role of CISO (see article 5 of the «Information Security Directive»), for each department and for the central bodies and staff, so-called Information Security Officers (ISO) are being appointed, who are on the front line, as the first points of contact.<\/p>\n\n\n\n

Information Security Directive URL <\/h3>\n\n\n\n