Strengthening information and IT security at ETH Zurich
At the end of 2023, the Executive Board decided to incorporate and further develop the role of Chief Information Security Officer (CISO) within IT Services in a new section. The position has therefore been filled anew. The new CISO Johannes Hadodo has been heading the section since 1 April 2024.
Cyber-attacks are now one of the most significant risks for the IT security of organisations. ETH Zurich must also protect itself. Since April 2019, there has been a CISO at ETH, who was attached to the General Secretariat. In order to strengthen the function, it was decided to relocate the position of CISO to the IT Services from 1 January 2024. This will combine the resources for developing and ensuring information security with the resources for IT security. The role of the CISO at ETH will thus be redefined and significantly expanded: the CISO will no longer only develop the information security strategy, set guidelines, check compliance and issue authorisations for all ETH Domains, but will also be responsible for the technical implementation of security measures within the IT Services department (ITS), which will improve the overall effectiveness of information security. Further information can be found in this article on Intern aktuell.
“Cyberattacks are one of the biggest operational risks for universities.”Rui Brandao, Director of IT Services
New section in the IT Services department
In order to increase the efficiency of information and IT security and utilise synergies, the new "Information Security Centre" section (name to be developed) will be created. By bundling information and IT security, the existing cooperation between the existing CISO function and technical IT security with the IT Security Centre (IT-SeC) and the Computer Security Incident Response Team (CSIRT) of ETH Zurich will be intensified. The IT-SeC monitors the current security status of the IT systems, analyses incidents and implements preventive and reactive measures as well as IT security projects.
The CISO reports to the Head of IT Services for the design and implementation of preventive and reactive IT security for the central IT systems. However, the CISO continues to report to the Secretary General with regard to the development and maintenance of the information security strategy, the corresponding regulations, audits and the approval of exceptional authorisations in order to maintain his independence in these areas.
ETH expands requirement profile for the CISO function
In our increasingly networked world, cyber security is becoming ever more important and goes beyond traditional security tasks. With the expansion of the CISO function, it was decided to re-advertise the position. The expanded role requires a broader range of experience, which the new CISO Johannes Hadodo brings with him.
“The further development of an information and IT security strategy that promotes the openness and innovative strength of ETH is of crucial importance for the future of our university.”Johannes Hadodo, CISO of ETH Zurich
Hadodo replaces Domenico Salvati in his previous role as CISO. However, he will remain active in the new section: Domenico Salvati will continue to develop the information security strategy and the corresponding regulations, review compliance with them and requests for exceptions and implement awareness measures. He will thus continue his previous involvement in information security governance.
In addition, Anja Harder, Chief IT Security Officer, retired at the end of March 2024. Hadodo's role will therefore be a combination of Harder's project management tasks and those of Thomas Richter, previously Head of the IT Security Centre.
About
Johannes Hadodo can look back on more than 17 years of management experience in national and international companies in the financial and security sector. With his experience in the development of IT security solutions, he will continue to drive the future of IT security at ETH Zurich.
Hadodo most recently worked as Head of Network Security Services at SIX Group, Zurich. Prior to that, he gained experience as Senior Manager of Group IT-Communication Services at the dormakaba Group and in various positions at the Kaba Group, including Senior Manager of Group IT-Projects and Services and Deputy CIO.
Note on the translation
This text has been translated for your convenience using a machine translation tool. Although reasonable efforts have been made to provide an accurate translation, it may not be perfect. If in doubt, please refer to the German version.
Should you come upon significant translation mistakes, please send a short message to so that we can correct them. Thank you very much.
Always up to date
Would you like to always receive the most important internal information and news from ETH Zurich? Then subscribe to the "internal news" newsletter and visit Staffnet, the information portal for ETH employees.