It is evident that all information/data and the way in which it is processed have value and therefore also need to be protected.
The Max Weber Foundation (MWS) has a legal mandate and thus a duty to promote academic contacts between Germany and the host countries. In order to do that it operates institutes there that conduct academic research, offer libraries and organise events. This legal mandate determines the importance and need for protection of the aforementioned data and processing.
The MWS is subject to the constitutional obligation of proper administration and the applicable German and respective host country laws, both internally and externally. Administrative laws and data privacy protection determine the need for protection of administrative data.
Information technology is the central technical and infrastructural element for fulfilling these obligations. In the past, the MWS institutes operated completely independent IT networks. This is changing for practical and financial reasons. As IT networks become increasingly intertwined, the requirements for IT security are also increasing.
IT security serves to systematically and practically secure information (data), processing procedures and the infrastructure used for this purpose. This protects the tasks, data, employees, partners and guests of MWS.
MWS has adopted an IT security guideline for this purpose. It defines responsibilities and procedures for compliance with IT security that are binding for all institutes, employees and users.
MWS offers all its employees electronic training on IT security.
As a German federal institution, MWS implements the BSI's IT baseline protection. The person responsible at MWS decides on the respective protection requirements and how to secure them in accordance with IT baseline protection. IT security at MWS is indivisible. Overall responsibility requires and justifies overall decisions. To implement the IT security process, each MWS institution has an IT security officer who supports those involved and monitors compliance with the necessary measures set out in the IT-Grundschutz. The MWS IT security coordinator bundles, supports and monitors these activities in the institutes.
As a German scientific representative abroad, MWS is in the spotlight of a wider public as well as opponents of the Federal Republic of Germany, which also means attacks on its IT infrastructure. In the case of attacks on premises, the situation in the host country plays a role, but this is no longer the case for attacks via the internet: origins and targets are global. MWS works with external service providers at various levels to secure its data, employees and partners. MWS secures its own IT infrastructures using its own staff and service providers in a hybrid manner in line with state-of-the-art technology and protection requirements.
MWS is subject to the requirement of economical budget management. Where protection requirements and risks are uniform, this results in an obligation not to expend human and financial resources multiple times on securing the IT infrastructure and MWS's internal IT security controls, but rather to pool capacities.
MWS complies with these requirements.
Email address: it-sec[at]maxweberstiftung.de