What is a security incident?

A security incident is a negative event which impairs information security (meaning confidentiality, availability and/or integrity) of data, information, business processes, IT services, IT systems, IT applications and the university’s infrastructure.

 Report form for security incidents

Please address your questions to infosicherheit@uni-mannheim.de or to IT Support at +49 621 181-2000

Examples of security incidents

If you experience one of the situations described in these examples, please notify us as soon as possible. Security incidents can take many different forms and it is impossible to list all possible incidents.

Loss or theft of devices (e.g. laptops), data carriers (e.g. USB sticks) and documents or (unintended) disclosure of confidential information

Detection of malware on your device, irregular behavior of your device, or a device that no longer functions

 

Blackmail or coercion to disclose confidential information or disobey rules, requests for information by third parties (in person, by phone or via e-mail) or suspicious persons in protected areas

Devices and items that suddenly appear in your office without prior notice (another computer, USB sticks, cables, boxes...)

Successful attack by fraudulent e-mail: links were clicked, files were opened and information was disclosed

In each of these examples, the protection of the IT security goals fails and at least one of the protection goals is infringed:

  • Personal data, research data or university / company data are affected (Confidentiality)
  • Data/information have been unlawfully manipulated (Integrity)
  • Systems/applications/infrastructure have been unlawfully deleted, destroyed or limited (Availability)

The three protection goals of information security

Confidentiality, availability and integrity are the basic protection goals of information security. These goals have to be protected in order to prevent security incidents. If the protection of these goals fails and at least one of the protection goals is infringed, this is usually considered a security incident.

We use the definitions of the protection goals by the Federal Office for Information Security.

Confidentiality

“Confidentiality is the protection against unauthorized disclosure of information. Only authorized persons may access confidential data and information in a lawful way.”

Availability

“The availability of services, functions of an IT system, IT applications or IT networks or the availability of information is given, if the aforementioned can be used as intended by the users.”

Integrity

“Integrity means ensuring the correctness (intactness) of data and the correct functioning of systems. [...] Therefore, loss of integrity can mean that data are altered without permission, information on the author is falsified or the dates of creation are manipulated.”