Information Security Officer Boards (ISO Boards)
Information Security usually isn't recognized as a relevant topic until something unexpected has already happened. Using a systematic approach, the Information Security concept aims to establish a continuous improvement process within ETH that pursues the following goals:
- Improve awareness and raise sensitivity towards Information Security in general
- Establish a systematic assessment of information security risks, based on the relevant business processes of each unit
- Use this information to make conscious decisions on information security risks and hence reduce surprises
- Establish well-defined decentralized responsibilities
- Collectively create best practices and guidelines
To this end the executive board of ETH passed the Information Security Concept on January 28, 2014 and created the role of Information Security Officer (ISO).
The role of ISO will be taken on by the Informatik Support Leiter (ISL) in the departments. The role of Chief Information Security Officer (CISO) will be filled by the director of the central IT Services.
Information security is organized with two ISO boards. Both are chaired by the CISO.
- «ISO Board for Departments»
- «ISO Board for Central Units»
Since the requirements differ between the two areas, the board meetings are held separately.
The ISO boards have no authority to give directives. The goal is to improve Information Security at ETH. The implementation of directives is done via the executive board of ETH.
More details can be found in the documentation of the Concept Information Security (PDF, 434 KB)
Improve awareness and raise sensitivity
Information Security deals with
In order to improve awareness and raise sensitivity towards Information Security, we start with a campaign that takes on two to four topics each year and offers support to each of these items.
Information on current and past campaign topics can be found on our Campaign Website.