Cooperation

The Executive Board of the University receives regular updates on relevant topics from the CISO.
This includes the current threat situation and the implementation status regarding compliance and strategy, as well as recommended measures.

Cooperation with the deans of the seven faculties has been initiated. As soon as it becomes clearer how the CISO can support the faculties, such cooperation will be increased.

Unfortunately, close cooperation with all departments and institutes is not possible with the current level of staff. Cooperation is therefore possible only with representatives of departments and institutes participating in the IT manager meeting and the Awareness and Software Guilds.

The General Council is a very important partner for legal and data protection-related tasks. Exchange takes place regularly.

Law and data protection is organized at UZH by the General Council. There are major thematic overlaps between data protection and information security.

Close cooperation is therefore important.

Part of information security is about protecting physical information, and IT security can hardly be implemented without addressing this factor.
Organized and effective physical security is therefore a basic requirement. Furthermore, information security requirements provide additional arguments for ensuring seamlessly implemented physical security.

In addition, the IT Security unit at the Information Technology office has coordinated its emergency management for crisis escalations with the crisis management of the Safety, Security and Environment office.

Cooperation with the Information Technology office takes place with various units, such as IT security, the multimedia team, strategic IT management, IT infrastructure, science IT, workplace services, IT training and by involving the CIO in workshops.

One of the most important collaborations is with IT Security, specifically with the SOC and CSIRT. On the one hand, the CISO supports the development of specifications and accepts various consulting topics; on the other hand, close cooperation is undertaken on the topic of increasing cyber resilience.

Although IT Security is fundamentally focused on centralized Information Technology and not the decentralized IT landscapes, the SOC and the CSIRT are available for the entire UZH, just as the CISO is responsible for the entire UZH.

The internal audit (IR) usually has the task of checking the implementation of financially relevant processes – and this certainly includes parts of IT – for compliance with legal, internal and procedural requirements.

Like the IT Security unit, IR is often perceived as a police force, but should actually be viewed as a help point. Often, managers have too many topics on their plate. The risk-based analyses carried out by IR can help managers prioritize the issues correctly.

The Human Resources (HR) office has more responsibility for cybersecurity than it first seems. The processes for employees to join, leave or transfer positions are HR tasks, and responsibility for correctly implementing and executing these tasks does not lie with the IT office, but with HR.

In addition, HR can already influence certain aspects of cybersecurity when hiring employees in certain positions. If dealing with IT systems is one of the core tasks of a role, understanding and knowing about security is a basic requirement.

The ICS is an important means of mitigating risks with a high probability of occurrence. By introducing measures and monitoring their implementation, ICS reduces the probability of occurrence .
ICS is therefore incorporated as an important step in risk management.

Digital innovations that don't consider information security and cyber risks have little chance of success.

A promising approach is the unification of cybersecurity with research. Many areas are still unexplored, especially in the area of awareness, and research results are certainly a good argument for taking cyber security seriously.

The Cyber Resilience Network of the Canton of Zurich offers various options. These are there to be used.

Training executives in matters of information security is fundamental. That is why cooperation with the Leadership Academy has already been started.

The CISOs of the four university hospitals (UniversityHospital Zurich, University Children's Hospital Zurich, Balgrist University Hospital and University Hospital of Psychiatry Zurich) and IT security representatives meet several times a year to discuss various topics and collaborations.

The close cooperation with the CISO of ETH Zurich is also supported by the exchange among all Swiss universities on the SWITCH platform and in independent groups for sharing experiences, such as the Cyber Security Competence Group Switzerland (CSCG).

Cooperation with the Communications Office is not only relevant for the announcement of awareness measures and for the website, but also important in cybersecurity emergencies.
The Communications Office is therefore represented in the Awareness Guild.

The CISO supports various projects and working groups. This is an important information security task.