Security Operations Center
The Security Operations Center (SOC) is a new central component of information security at the GWDG. The aim of the SOC is, in particular, to protect Georg-August-Universität Göttingen, the Max Planck Society and their affiliates, together with their (IT) infrastructure (systems, networks, applications and data), from negligent or abusive use of their resources, in cooperation with other partners in Lower Saxony and Germany.
Security for science – together we are stronger: from detection to resolution.
Core tasks
- Systematic monitoring to identify and detect vulnerabilities and threats
- Responding to detected threats to minimise damage and, in the best case, prevent damage before it occurs (e.g. using malware and virus detection)
- Prevention to raise employee awareness of information security risks
Services
- Vulnerability scans
- Event and incident monitoring
- Incident response coordination
- Consulting
- Information security reporting
You can find all currently available information and IT security services in our service catalog.
Have you noticed something suspicious?
A fake e-mail, a strange attachment, an unexplained system failure, a missing device, or a data leak?
Please report it – we are here to help protect you and everyone else in your organisation.
How to reach us
- Weekdays from 9.00 am to 5.00 pm by telephone (for IT managers): (0551) 39-30500
- Outside these hours, you can reach us via the GWDG support line at (0551) 39-30000.
- General questions about IT security: soc@gwdg.de
- Report Phishing: support@gwdg.de
- In the event of a (suspected) information security incident: inciden@gwdg.de
What exactly is a security incident?
A security incident is an event that compromises or could compromise the information security (confidentiality, availability and/or integrity) of data, information, business processes, IT services, IT systems, IT applications and the (data centre) infrastructure.
This includes:
- Loss or theft of devices, data carriers or (accidental) disclosure of confidential information (this also applies to private mobile phones on which selected business applications may be used)
- Discovery of malicious programs on your device, unusual behaviour of the device, or the device no longer functioning
- Blackmail or coercion to disclose confidential information or to disregard rules; requests for information by strangers (in person, by telephone or by email); or ‘suspicious’ persons in protected areas
- Discovery of devices and/or objects that are suddenly and unexpectedly present on your premises (other computers, USB devices, cables, boxes, etc.)
- Successful attack via malicious email: links were clicked, files were opened or information was shared.
- Unauthorised persons are in areas of the building to which they should not have access (this applies in particular to the office wing and the data centre wing).
- Security vulnerabilities in software or web applications
In each of these examples, at least one of the three objectives of information security is compromised:
- confidentiality, e.g. if the confidentiality of personal data, research data or shareholder/company data is violated
- integrity, e.g. if data/information has been unlawfully altered
- availability, e.g. if systems/applications/infrastructure have been deleted, destroyed or their accessibility permanently or temporarily restricted
Why is reporting important?
- You protect others: an incident that you report can protect many others from harm.
- You help research: sensitive data (e.g. patents, research data) is better protected.
- You strengthen the security culture: every report shows that security matters to all of us.
What happens after the report?
- We review your report.
- We will let you know what happens next.
- We take immediate action.
- We document and analyse to prevent future incidents.
What information helps with classification when reporting?
If possible, answer the classic W questions. This gives us starting points for further enquiries.
- What? – e.g.: What happened? What did I see/observe/notice/…? What (system/building/information, etc.) is affected?
- Who? – e.g.: Who is reporting or which person(s) is/are affected?
- When? – e.g.: When did it happen/when was it observed or noticed?
- Where? – e.g.: In building …/ On floor … /in the … wing/in office …
- How? – e.g.: How did the incident manifest itself? Missing …, damage/destruction of …, unusual behaviour by person/system…