Glossary: Information Security and Data Protection

Responsibilities and tasks according to BSI (German Federal Office for Information Security): The information security officer is responsible for all issues relating to information security in the institution.

His/her tasks include:
- managing and coordinating the security process,
- supporting the management in the creation of the security guidelines,
- coordinating the creation of the security concept and associated sub-concepts and guidelines,
- preparing implementation plans for security measures and initiating and reviewing their implementation,
- reporting on the status of information security to management and other security officers,
- coordinating security-related projects,
- investigating security-related incidents, and
- initiating and coordinating information security awareness and training.


A person who is officially designated as a data protection officer within the meaning of the GDPR and notified to the supervisory authority. He or she supports and advises the company in data protection matters and is the central point of contact for data protection inquiries from employees, data subjects and the supervisory authority.

Information security combines the areas of data protection, IT security and information protection, and ensures the security of the analog and digital information of our university.
Information security protects against loss, manipulation, unauthorized access and falsification of data and information. In contrast to IT security, information security also includes the security of information that is not processed electronically.

IT security refers to the security of IT systems and the data stored in those systems.

Username: first letter first name + first 7 letters last name @tuwien.ac.at
Initial Assignment: https://login.tuwien.ac.at/passwort/mitarbeiter
Change: https://login.tuwien.ac.at/passwort/mitarbeiter
Access/Services: WLAN, VPN, mail submission via mr.tuwien.ac.at

The passwords for the network area of the TU Wien ("network account"), for the service area of the TU Wien ("upTUdate account"), for the administrative areas of the TU Wien ("TUaccount"), and for private access to e-mail and cloud services outside the TU Wien should be different in each case.

Pharming is a phishing variant in which a user who wants to visit a certain website is redirected unnoticed to the manipulated server of the attacker. Here, too, data is tapped and accounts are abused with their help.

Phishing is the term used for e-mails that purport to come from a known person (e.g., the head of the service unit of HR Administration) or another trustworthy institution (e.g., TU.it) and redirect the recipient through a link in the e-mail to a fake, but often very credible-looking, website. There the recipient is usually supposed to "confirm" his or her access data, but in doing so actually passes that access data on to unauthorized persons. Depending on the associated service, these compromised accounts are then used to send spam mails, hack IT systems, make purchases or even transfer money.

Phoraging is the process of assembling detailed profiles of individuals from tiny bits of information obtained from various sources (social media, phishing attacks, computer viruses). The data is then misused for a targeted attack.

This is malware that locks a computer, encrypts the data stored on it and demands a ransom for the release. The user can no longer access the data unless the request for payment is complied with. These attacks can be prevented by creating backups. In the event of an infection, the computer should be disconnected from the power supply immediately.

The term spam is used to describe unsolicited e-mail messages and newsgroup articles sent en masse. In detail, a distinction is made between

  • UBE (unsolicited bulk email): e-mail not specifically ordered, sent in large quantities.
  • UCE (unsolicited commercial email): commercial advertising by e-mail not expressly ordered.
  • ECP (excessive crosspost): article published ("posted") in an inappropriate number of newsgroups.
  • EMP (excessive multipost): posted in an inappropriate number of identical articles in one or more newsgroups.

Further information can be found under the following link: https://www.it.tuwien.ac.at/en/services/advisory-services-and-service-desk/advisory-services/it-security/spam.

Trojan refers to a seemingly harmless program with a hidden damaging function: a virus, worm, spyware or ransomware. The purpose of most Trojans is to smuggle harmful programs onto the PC, which spy out and transmit sensitive data such as passwords for home banking or mail accounts, credit card numbers and the like unnoticed. So-called backdoor Trojans are a particularly dangerous form of Trojan horse. These are auxiliary programs through which a hacker can access other people's computers.

A user needs at least two of three authentication factors (proofs of identity) to be successfully authenticated by an authentication server.
First factor - something I know: e.g. the combination of username and password.
Second factor - something I have: e.g., a cell phone, security token, or smart card.
Third factor - something I am: e.g. biometric factors such as fingerprint or my face.

Username:

  • The username of the upTUdate account. If this contains an "@", only the part before this character must be entered.
  • The generic email address of the form firstname.[middle part.]lastname@tuwien.ac.at. The part starting with the "@" can be omitted.

Initial Assignment: https://login.tuwien.ac.at/passwort/mitarbeiter
Change: https://login.tuwien.ac.at/passwort/mitarbeiter
Access/Services: Online Account Management, SSO

Username: first letter first name + first 7 letters last name @tuwien.ac.at
Initial Assignment: https://login.tuwien.ac.at/passwort/mitarbeiter
Change: https://login.tuwien.ac.at/passwort/mitarbeiter
Access/Services: Exchange mailbox, TUownCloud access, TUproCloud access, TUfiles access, TUhost console access, TUwiki access, ticket system, TUinsight access

A computer virus spreads from PC to PC by infecting files or data media with its program code. Unlike a worm, a virus always requires the assistance of the computer user to become active.

Worms spread independently within a network, without directly infecting files and practically without user intervention. They prefer to travel across the Internet as e-mail attachments, where they find optimal conditions. At best, their goal is to multiply endlessly and occupy memory resources - thus reducing the computing power of an infected PC. Worms have already paralyzed entire networks in the past.