Information Security Officer Boards (ISO Boards)
Information Security usually isn't recognised as a relevant topic until something unexpected has already happened. Using a systematic approach, the Information Security concept aims to establish a continuous improvement process within ETH that is meant to achieve the following:
- Improve awareness and raise sensitivity towards Information Security in general
- Establish a systematic assessment of information security risks, based on the relevant business processes of each unit
- Use this information to make conscious decisions on information security risks and hence reduce surprises
- Establish well-defined decentralised responsibilities
- Collectively create best practices and guidelines
To this end the executive board of ETH passed the Information Security Concept on 28 January 2014 and created the role of Information Security Officer (ISO).
The role of ISO will be taken on by the Informatik Support Leiter (ISL) in the departments. The role of Chief Information Security Officer (CISO) will be filled by the director of the central IT Services.
ISO Boards
Information security is organized with two ISO boards. Both are chaired by the CISO.
- ISO Board for Departments
- ISO Board for Central Units
Since the requirements differ between the two areas, the board meetings are held separately.
The ISO boards have no authority to issue directives. Their goal is to improve Information Security at ETH. The implementation of directives is done via the executive board of ETH.
Improve awareness and raise sensitivity
Information Security deals with the following properties of data:
- Availability
- Confidentiality
- Integrity
- Traceability
In order to raise awareness and improve sensitivity towards Information Security, we’ve started a campaign that tackles two to four topics each year and offers support for related questions.
Information on the current and past campaign topics can be found on our Campaign Website.