How to protect your information?
At Tilburg University we take all kinds of measures to secure our information. You also have a responsibility in this. You can read here what this responsibility is and how to put it into practice.
Information security policy
At Tilburg University we are doing our level best to protect information and to ensure the continuity of our processes. In this way, we prevent information from being lost, from becoming public knowledge, and from being unavailable. Our information security policy describes the basis principles for this.
What can I do as an employee?
In the portal you will find more information about what you, as an employee, can do yourself to handle information securely.
What responsibilities do I have as a supervisor?
Monitor processes in your team
You do this by:
- Assessing the risks. Classify the processes based on the CIA Triad.
- Conducted a security check when a new application is concerned or a modification of an existing one.
- Take measures in the event of security risks, based on the CIA Triad.
- Sign the Risk Acceptance Form if you decide NOT to take any measures in case of HIGH-risk security issues. The CISO will submit this decision to the Executive Board.
Lead by example
It is important that you as a supervisor encourage and stimulate safety awareness among staff. This begins with consciously given a good example.
You can stimulate awareness by paying attention to information security in team meetings and informing team members of relevant activities, e.g. the Digital Safety at Work training.
Decide what risks are acceptable
You decide what risks are acceptable by finding the optimum compromise between measures on the one hand and the resulting limitations for the process, on the other.
If you decide NOT to take any measures in case of HIGH-risk security issues, sign the Risk Acceptance Form. The process description of Risk Acceptance can be found here.
Advice and support by the CISO-office
The CISO-office is the first point of contact for advice and support of information security and consists of a Chief Information Security Officer and several Information Security Officers. The CISO-office is concerned with implementing the information security policy and supervising its execution. You can contact them for advice and support for classifying security risks, taking security measures and creating awareness about information security.
Contact at firstname.lastname@example.org.