Information security house rules

Here you will find rules of information and IT security as video and in text format, or as PDF for printing.

Adhere to applicable rules

Regel 1

Avoid the misuse of systems and passwords

Regel 2
  • Select passwords which are difficult to guess. Keep them secret and observe the password rules.
  • Use a password-​protected screen saver whenever you leave your workplace.
  • Logout or turn off computers when you are absent or do not need to use the system.

Always keep your systems up to date

Regel 3
  • Make sure the virus scanner software is being updated regularly. Never disable such security features.
  • Ensure that systems and applications are updated to current versions.
  • Turn off all programmes and services that you do not need for your work.

Protect your information from misuse

Regel 4
  • Grant access only to authorised persons.
  • Never leave mobile devices such as laptops, smartphones or USB sticks unattended.
  • Use screen filters if necessary.
  • Encrypt sensitive information.
  • Create regular backups.
  • Note confidentiality notices in documents and classify your documents when creating them.

Use only legally obtained (and licensed) products

Regel 5
  • Respect copyright and license restrictions of applications and data.
  • Use only programmes and data for which you are authorised and for their intended use.

Use email and Internet cautiously

Regel 6
  • Remember that email attachments can contain viruses or malicious programmes.
  • Check where links really lead to before you click on them.
  • Download programmes and data only from trusted sources; scan downloads with your antivirus programme.
  • Scan downloads and external storage media with your virus protection programme.

Report incidents immediately

Regel 7
  • Consider breaches of confidentiality or unexpected changes to data as an incident.
  • Report any security-related incidents immediately to your IT support centre.

Inform yourself about Cloud Computing and Social Media

Regel 8
  • Check the legal conditions of the provider and clarify whether they comply with ETH Zurich regulations.
  • The outsourcing of sensitive data of ETH Zurich is not permitted (Compliance Guide). For such data, use ETH's polybox or other internal ETH services.
  • Please observe the ETH Zurich Social Media Guidelines
JavaScript has been disabled in your browser