Information security

Role of the ISO

Each faculty and the Central Services appoint an Information Security Officer.
Faculties that are not organized hierarchically appoint an Information Security Officer for each (relevant) department/institute and/or for the most important units, such as research units, centers, clinics or seminars. The faculty management decides on this independently. The ISOs are under the technical leadership of the CISO.

If necessary, ISOs with different roles can be appointed:
A business ISO (B-ISO) is responsible for tasks such as requirements, approvals, concepts, controls, information inventory and categorization, while the technical ISO (T-ISO) is responsible for tasks such as architecture, lifecycle, entities, directories, software and hardware inventory, change management and configuration management.

The Information Security Officer (ISO) has the following tasks, responsibilities and competences in his or her unit:

Tasks of the ISO within own unit

> Participation in the ISMS (*)
    °  Security engineering
    °  Identity and access management
    °  Application security
    °  Network security
    °  Mandatory reporting of incidents to the CSIRT
> Definition and monitoring of measures
> Information security consulting
> Assessment of security risks
> Information assets inventory
> Management of information owners
> Participation in the Awareness Guild (optional)

Responsibilities of ISO within own unit

> Participation in information security
> Keeping the information inventory up to date
> Reporting to CISO according to specifications
> Cybersecurity resilience self-assessment

Competences of the ISO within own unit

> Entry of measures into the ISMS
> Right to be involved in the creation of regulations
> Very close cooperation with:
    °  CISO
    °  Other ISOs

Further information

(*) Explanations

> ISMS: Information Security Management System
> ISO: Information Security Officer

Requirements profile for the ISO role

> Education and skills
    °  Experience in IT or
    °  Understanding of IT tasks
    °  Interest in IT security
    °  Understanding of risk approaches
    °  Security know-how an advantage
> Work experience
    °  Overview of the unit's work areas and their importance
    °  Overview of the information required
> Personality traits
    °  Innovative
    °  Open
    °  Motivated
    °  Solution-oriented
> Language
    °  German (English an advantage)