Woman reports a security incident by phone

What is a security incident?

A security incident is a negative event which impairs information security (meaning confidentiality, availability and/or integrity) of data, information, business processes, IT services, IT systems, IT applications and the university’s infrastructure. It is a security incident if

  • Personal data, research data or university / company data are affected
  • Data/information have been unlawfully manipulated, deleted or disclosed
  • Systems/applications/infrastructure have been unlawfully manipulated, deleted, destroyed, disclosed or limited

Are you unsure? Please let us know!

Report form for security incidents


Examples of security incidents

If you experience one of the situations described in these examples, please notify us as soon as possible. Security incidents can take many different forms and it is impossible to list all possible incidents. Therefore, you will find a definition of security incidents below.

Loss or theft of devices (e.g. laptops), data carriers (e.g. USB sticks) and documents or (unintended) disclosure of confidential information

Detection of malware on your device, irregular behavior of your device, or a device that no longer functions

Blackmail or coercion to disclose confidential information or disobey rules, requests for information by third parties (in person, by phone or via e-mail) or suspicious persons in protected areas

Discovering devices or items that suddenly appear in your office without prior notice (another computer, USB sticks, cables, boxes...)

Successful attack by fraudulent e-mail: links were clicked, files were opened and information was disclosed


The three protection goals of information security

Confidentiality, availability and integrity are the basic protection goals of information security. These goals have to be protected in order to prevent security incidents. If the protection of these goals fails and at least one of the protection goals is infringed, this is usually considered a security incident.

We use the definitions of the protection goals by the Federal Office for Information Security.

Confidentiality

“Confidentiality is the protection against unauthorized disclosure of information. Only authorized persons may access confidential data and information in a lawful way.”

Availability

“The availability of services, functions of an IT system, IT applications or IT networks or the availability of information is given, if the aforementioned can be used as intended by the users.”

Integrity

“Integrity means ensuring the correctness (intactness) of data and the correct functioning of systems. [...] Therefore, loss of integrity can mean that data are altered without permission, information on the author is falsified or the dates of creation are manipulated.”