You are here: Homepage » The Competence Network » Subprojects » Telematics » Security Concept

IT-Security Management

Objective

The computer-assisted processing and storage of personal data typical for medical research networks requires a multitude of precautions in order to meet the high requirements of data protection and data security. One goal must therefore be the initiation of an IT security management process (Illustration 1), whose substantive task is the creation and implementation of a security concept for the Competence Network's communications center to permanently maintain the desired level of security.

Result

A significant result has been the creation of a security concept for the Competence Network's communications center , based on recommendations in the Information Technology Security Evaluation Manual of the German Federal Office for Information Security (BSI). This comprises the

  • development of a multi-level data protection/security concept
  • creation and installation of the technical infrastructure (firewall, backup)
  • preparation of a concept for general data security
  • documentation of the hardware and software environment, incl. all settings
  • development of a maintenance, care and support concept for routine operation
  • creation of a concept for encrypted data transfers
  • specification of a multi-level access check for the network's services and data

Components of the Security Process per the IT Security Evaluation Manual

The security measures recommended by the BSI have been expanded with regard to the processing, storage and transfer of personal data, and adjusted accordingly to the special requirements of the Competence Network's communications center.

By implementing the security concept, the necessary level of security was attained and documented. The consistent advancement of the IT security process and regular revisions and update checks will guarantee that this high level of security is maintained continuously.

Over various qualification stages (internal and external auditing) a certification will be sought for the level of security achieved. In an initial step the certification was achieved and documented for entry stage A.

Modules of the Security Concept

Future Prospects

The communications center's documented high level of security would have a positive influence on the security-related competence and trustworthiness of the entire Competence Network. In addition the concept developed for the communications center on the Leipzig site serves as a template for the development of individual IT security concepts for trial centers and other sub-projects of the Com­petence Network Malignant Lymphoma. These security measures form the basis of the Com­petence Network's data security concept. Further on, the implementation of a Public Key infrastructure is planned.

Project team:

Dr. Wolfgang Dolak
 Ronald Speer

Project management:

Prof. Markus Löffler

Contact address:  

IMISE, Universität Leipzig, Liebigstr. 27, 04103 Leipzig
Phone: 0341 97 16104, Fax: 0341 97 16130
E-mail: E-Mail-Adresse

Navigation

The Competence Network

  1. Completed projects
  2. Associated Projects
  3. Documentation Project
  4. Quality Management

Foerderer, Partner und Zertifikate

Bundesministerium für Bildung und Forschung,

Organisatorisches

  1. German Version
  2. Newsletter
  3. Events
  4. Press
  5. Brochures
  6. About us