...
General use and awareness
Many of the research results produced will be publicly available. But also sensitive and confidential information pertaining to research, partners and employees are worked on. If these informations would become public, there would be significant damage. So protecting this sensitive information is of highest priority.
IT security has to identify the threats to such sensitive IT resources and determining appropriate technical and organizational measures to protect them.
Since attackers have begun to focus on the weakest link in the security chain: the person sitting at the keyboard have to be trained accordingly.
Over 70% of successful attacks require the active cooperation of the user. Technical measures for IT security only work properly when employees and management use them appropriately and do not wittingly or unwittingly circumvent them.
The training should describe the most important rules, tips and tricks for securely using IT systems by non- IT-security-affin personal and especially make them aware of the risks coming up when using the world wide network.
Developing and maintaining policies and procedures
...