Information Security and Data Privacy
Robust Security Measures
Implement industry-leading firewalls, intrusion detection systems, and data encryption technologies to safeguard our network and infrastructure.
Regularly assess and patch vulnerabilities in systems and software to prevent unauthorized access and data breaches.
Replace outdated systems and update services to prevent security breaches and
Conduct security awareness and ethics training for all university community members to promote responsible online behavior and mitigate social engineering risks.
Together, we want to embrace this digitalization journey, empowering each member of our university’s administration and science management to work more efficiently, collaborate seamlessly, and contribute to a sustainable future. The dedication and active participation of each member of our TUM community will be vital in realizing this vision.
Dr.-Ing. Alexander Braun
Certification and Access Control
Certify IT processes at TUM according to current ISO standards to achieve more professional service levels and internal and external trust.
Classify data based on sensitivity and define access levels accordingly to ensure that only authorized personnel can access and handle sensitive information.
Implement multi-factor authentication and strong password policies to strengthen user access controls. Single Sign On (SSO) methods are enforced wherever possible.
Regularly review and audit user access privileges to minimize the risk of data exposure or unauthorized access.
Privacy by Design
Embed privacy considerations throughout the entire lifecycle of systems and services, ensuring that privacy is prioritized from the design phase.
Conduct privacy impact assessments to identify and mitigate potential privacy risks associated with new technologies or processes.
Implement privacy-enhancing technologies such as data anonymization and pseudonymization to protect personal information while maintaining utility.
Leverage cloud-based systems to enhance agility, scalability, and cost-efficiency while mitigating risks.
Conduct thorough due diligence when selecting cloud service providers, ensuring they have robust security measures and comply with data protection regulations.
Implement encryption and access controls to protect data stored and processed in the cloud and monitor cloud environments for anomalies or breaches.
Establish a data protection framework aligned with the General Data Protection Regulation (GDPR) requirements.
Regularly review data processing activities, update privacy policies, and implement data subject rights procedures to fulfill GDPR obligations.
Establish a Governance, Risk, and Compliance (GRC) system that includes a Data Protection Management System (DSMS) and addresses relevant security and project requirements.