Information Security Department
In an evolving threat environment, the Information Security Department safeguards the information assets of the canton of Zug with effective measures. As a part of the Information Security Department, the IT Security Department protects the IT systems and electronic information.
Contact
Amt für Informatik und Organisation
Information Security Department
Information is the primary resource of the digital age. It is collected, analyzed and exchanged, often unbeknownst to the person concerned.
Processing the sheer volume of data generated today is impossible without information and communication technology (ICT). Handling the data provided for processing responsibly is crucial, regardless of where and how this data is processed.
In a constantly evolving threat environment, the information security department protects the information assets of the Zug cantonal administration with effective measures. These measures serve to maintain confidentiality, integrity and availability of this information.
The basis of the information security policy of the cantonal administration of Zug is the Ordinance on Information Security of Personal Data (VIP, BGS 157.12) It outlines the procedures and responsibilities for safeguarding personal data processed electronically or with other methods. The ordinance aims to protect personal data, in particular against:
- accidental disclosure, destruction or loss of data
- technical errors
- unauthorized access
- unauthorized processing
- forgery, theft or unlawful use
Security Board
The Security Board, a body within the Zug cantonal administration, oversees and coordinates the information security policy at the cantonal level. The Chief Information Security Officer (CISO) heads the Security Board.
The Security Board advises and collaborates with public bodies on all matters related to information security. The Board guarantees adequate regulation in the area of information security and supports IT organizations in implementing security requirements. The Security Board also issues directives on information security, decides on countermeasures against cyberattacks, commissions security audits, and checks compliance with requirements.
Fact sheets and Awareness Program
The fact sheets on information security (see below) must be followed by employees of the cantonal administration, the municipalities, the courts and the cantonal schools, and temporary employees and persons working for the canton. The fact sheets provide guidance and support to employees in securely using information and communication tools when processing personal data in the canton of Zug.
The fact sheets also apply to employees of civic, church and corporate organizations and institutions when they are contracted to perform public services.
The fact sheets cover the following topics:
- Secure data handling
- Password
- Internet
- Mobile devices and data carriers
The fact sheets are also summarized in a flyer ‘Key information at a glance’ (see below).
Based on the information security fact sheets, there is an e-learning course (only accessible to registered users). As per the Government Council resolution of December 10, 2013, all employees of the cantonal administration, the courts, the municipalities, the canton's public institutions and third parties with a service agreement with the Zug cantonal administration must successfully complete the course including a final test within three months of joining. The course needs to be taken again every two years.
IT Security Department
The IT Security Department, a part of the information security department (regulated in the information security management system), focuses on protecting electronic data and IT systems. However, information and IT systems can be protected by ensuring that only authorized users can use the systems and data needed for their work. IT security is always compromised when there are vulnerabilities that allow attackers to have unauthorized access to information.
We at the Office for Information Technology and Organization are responsible for:
- detecting and closing security gaps early through effective vulnerability management,
- detecting and averting attacks on the cantonal IT infrastructure early,
- protecting sensitive IT systems against access by unauthorized third parties,
- ensuring that information and IT systems are available,
- ensuring that information is not changed or deleted without being noticed,
- continuously improving the quality of information security processes,
- ensuring compliance with information security regulations and legal requirements and
- continuously and sustainably reducing IT security risks.
We at the Office for Information Technology and Organization demonstrate that our information security management system meets the requirements of the standard with regular ISO 27001 certifications.
Information Security ISO 27001 Certification
We have maintained ISO 27001 certification since 2013.
This certification is proof from an independent body that we have a comprehensive and effective information security management system (ISMS) and can manage IT security risks, thereby ensuring the protection of confidential data against disclosure, loss and misuse.
Every two years, we review or recertify our compliance with the requirements and processes.
IT security ISO 27001 (certificate)
Chief Information Security Officer (CISO)
Downloads
Certificate: IT security ISO 27001