Zentraler Informatikdienst

IT security audit

For:  employees

Faculties and centres at the University of Vienna can have the security of their IT systems assessed by the IT security team of the ZID. As part of the IT security audit, risks are identified and prioritised, and specific measures to improve IT security are developed.

Request an IT security audit (in German)

IT security objectives

The audit is based on three security objectives:

  • Confidentiality: Protection against unauthorised access to systems and data
  • Availability: Continuous access to services and information, ensured, for example, by recovery processes
  • Integrity: Protection against unauthorised manipulation of systems and data

Scope, costs

The IT security audit covers the IT systems of the entire faculty or the entire centre. All subunits must therefore be informed and involved by the faculty or the centre.

The IT security audit incurs no costs for the faculty or the centre. The costs are covered by the ZID.

Procedure

  1. Analysis: In close consultation with all stakeholders, scans and penetration tests are conducted on the faculty or centre's IT systems.
  2. Report: The faculty or centre, as well as the ZID, receive a findings report including a management summary and proposed solutions for the identified security vulnerabilities.
  3. Consulting: The proposed solutions and implementation recommendations are discussed jointly, for example, during a workshop. The proposed measures are intended as recommendations.
  4. Implementation: The providers of the systems audited are responsible for independently implementing the measures at their respective faculty or centre.

Note

Despite the care taken, the IT security audit cannot identify all risks and assesses the situation at the time of the audit. As technologies and the threat landscape change, regular reviews are necessary. The frequency of these reviews depends on the potential damage caused by a failure, the sensitivity of the information being processed, and the current threat landscape.

Request an IT security audit

  1. Please use the Servicedesk form Request an IT security audit (in German).
  2. Please complete the form as accurately as possible so that the IT Security Team of the ZID can assess the nature and scope of the audit. Please address the following points:
    • basic information about the systems to be audited
    • IT security measures already in place
  3. Once the form has been submitted, the head of your faculty or centre will receive a notification and must approve the application via the Servicedesk.
  4. Further details will then be discussed in person.

Guidelines for the secure operation of IT services

Faculties and centres are required:

  • not to duplicate any IT services that are provided centrally by the ZID
  • to test new IT services before they are put into operation

Background

IT security audits are a key component of the Austrian Federal Government’s Cyber Resilience Plan (in German). As part of this cyber security programme, Austrian universities are working together to strengthen IT security in the higher education sector. The University of Vienna is leading the Security Audits Project. As part of this, the project team is auditing the central and decentralised IT systems of the University of Vienna and the participating partner universities.

Support

If you have any questions, please use the Servicedesk form IT Security (in German).

To top