Profile for Universities
COVID-19 outbreak forced universities to significantly incorporate digitalization in their daily operations, which consequently has increased the risks of losing sensitive data. Universities in Germany are state institutions, so it is mandatory for them to maintain the information security management system (ISMS). Information security and data protection officers from over 30 educational institutions in Germany had been working on the revision and issued it as a dedicated IT-Grundschutz profile for universities.
Challenges of Establishing an ISMS
Having dozens of departments, a lot of sensitive information, universities may not even know where to start from. Here is why the implementation of the information security and data protection requirements can be discouraging. Among the major issues educational institutions face while building ISMS and DPMS are the following:
- Distributed organizational structures
- Unclear responsibilities
- Lack of accuracy of ISMS implementation
- Incomplete documentation
- Using outdated tools, e.g., Excel, instead of ISMS solutions
IT-Grundschutz Profile Overview
IT-Grundschutz Profile is the modification of the information security standard that includes recommended security measures. Organizations can further develop their own university-specific security concept, and build ISMS based on the standard protection level.
Structure of the Profile
IT-Grundschutz profile for universities consists of 83 modules (out of 94), among which:
- 31 Process modules, higher-level modules as an overview assigned to the entire information network
- 52 system modules, assigned to the target objects in process maps.
How to Implement IT-Grundschutz Profile with the ISMS Management Software
Infopulse SCM enables working with ISMS and DPMS simultanuously in one place and offers clear and simple modeling of the concepts.
- Implementation of the process map (applications and IT and Building Infrastructure) with clear assignment of building blocks of the IT-Grundschutz Compendium for universities.
- Basic- , standard-, core protection levels of protection.
- Determination of protection requirements.
- Individual risk assessment in case of high protection needs.
The system offers implementation recommendations for the application of the individual building blocks in the university, such as the implementation notes of IT-Grundschutz or custom implementation recommendations, e.g., for those of representatives of the member institutions in the working group Information Security of the ZKI)
Effective and easy-to-use IT security management system based on the latest standards and regulations — from planning and establishing the security concept to certification.