Information Security

Cybersecurity resilience, i.e., how lightly we get off in the next cyber incident, depends on many factors:

• How well we are prepared for an incident
• How quickly we detect an incident (the sooner, the better)
• How well we (can) respond to the incident
• How quickly we return to normal

• Preparation: This includes topics such as organization and the creation of and compliance with guidelines (governance) and dealing with risks and suppliers, a systematic approach, and the behavior of all of us with regard to cybersecurity (management).
  It also includes topics such as identifying and protecting critical information (identify) – where is it stored and how important is it for our core tasks? How well are the information and our IT resources protected against cyber incidents? (Protect).
• Detection: In order to successfully defend against cyber incidents, it is essential to detect them as early as possible. This is where our collective awareness and reporting to the service desk help. In addition, the entire UZH network and certain central services are permanently monitored by ZI IT Security (monitoring by the SOC) and specifically searched for known current attacks (hunting), which we receive from other universities, among others.

• Responding to incidents: How well prepared are our defenses? How can we contain the spread of the problem, minimize damage, and exclude potential attackers? (Respond) This also includes appropriate communication during an incident in order to provide as much information as possible without revealing too much to the attackers.

• Return to normal: The goal of information security and IT security is to return to normal working conditions as quickly as possible. (Recover)