Information Security Essentials
What does Information Security mean for staff at ETH?
“ETH Zurich handles information assets from research, teaching and management in such a way that their availability, confidentiality and integrity are always guaranteed as required.” ETH Compliance Guide.
As per the Compliance Guide, all employees are required to comply with ETH regulations relating to Information Security.
The key responsibilities for staff and managers are summarised below. This summary is not exhaustive: please ensure that you and your staff are familiar with the full contents of each regulation.
- ICT Use: Use ICT resources for their intended purposes and do not make changes that harm ETH Zurich.
- In particular: install security-relevant software updates promptly; use screen locks; and follow the password and PIN rules.
- Limited private use of ICT is allowed if it's lawful, non-commercial, and doesn't harm ETH Zurich's reputation.
- Information Management: Handle classified information according to the level of protection its classification requires.
- Data Protection: Handle personal data according to data protection laws. See the Data Protection Essentials page for more information.
- Remote Work: Follow IT guidelines when using ICT resources remotely.
- Security: Classify and restrict access to data as appropriate. If unauthorised access is identified or suspected, report it.
- Liability: Users are responsible for policy-compliant use and are liable for damages from negligence or misconduct.
- Abuse Reporting: Assist in investigating abuse and vulnerabilities. Avoid illegal activities and unauthorized network changes.
Service intermediaries
Staff who manage and oversee the use of external IT services on behalf of ETH must ensure those services meet ETH's security and compliance requirements. See Article 6 of the IT Guidelines for more information.
Leaders with line management responsibility have additional responsibilities:
- Policy Management: Ensure compliance by staff with ICT policies and approve changes.
- Private Use Oversight: Manage private ICT use to ensure adherence to guidelines.
- Data Handling Supervision: Ensure appropriate data management (e.g. classification of information, issuing guidelines or creating policies as appropriate) and initiate lawful disclosures where necessary.
- Remote Work Guidelines: Confirm remote ICT use follows set guidelines.
- Security Monitoring: Manage data security and access and initiate incident responses where necessary.
- Policy Enforcement: Address, manage and report policy breaches as appropriate.
- Investigation Direction: Investigate suspicions of abuse and/or system vulnerabilities to prevent and identify unauthorized activities.
The Information Security Office (ISO) exists to support leaders in carrying out these duties. See Contacts and organisation.