IT security at the HZDR

The IT infrastructure is the heart of the research center and an indispensable part of not only office and mobile life but also the large-scale equipment. To protect this sensitive infrastructure against attacks and influences from the inside and the outside is also a central task of IT security and requires a high level of effort. The object of IT security is to identify risks and determine appropriate technical and organizational means of defense. Many scientific results of the Helmholtz-Zentrum Dresden-Rossendorf are publicly available. But several colleagues also edit much sensitive and confidential research, customer, and employee information. It would cause significant damage if they fell into the wrong hands. Therefore, it is of the highest priority to protect sensitive information.

Attackers focus on the supposedly weakest link in the security chain: humans. About 70 percent of the successful attacks require the active assistance of the user. You open an email attachment, click a link, or plug in a USB stick. Therefore, the safety consciousness of the employees is essential for the research center.

At the HZDR an IT security report is being created and reported to the Board quarterly by the IT Security Officer. The principles and responsibilities of the HZDR are documented in the Information Security Guideline. The following websites provide information on services and measures for users and administrators.

Our Security Infrastructure & Consulting

The strategic reports and guidelines are put into practice by our operational security team. The IT Security Consultant serves for the HZDR's core defensive infrastructure. In this role, he holds lead responsibility for the technical safeguards that protect our network and data.

This includes the continuous management and monitoring of our central security systems:

• Network Defense: Administration and hardening of the enterprise firewall.
• Threat Detection: Operating the SIEM platform for 24/7 security monitoring, log analysis, and active threat hunting.
• Proactive Security Testing: Conducting regular vulnerability scans and authorized penetration tests on our external services to identify and remediate risks before they can be exploited.
• Endpoint Protection: Oversight of the antivirus platform to ensure the security health of all endpoints across the center.

This hands-on security management and consulting ensures that our protective measures are not only defined by policy but are actively and effectively enforced.

>>>>>>Report IT security incident<<<<<<

Users

IT security for users

IT security for users (videos)

Administrators

IT security for administrators