SIEM at WWU: Information about logging and analysis of data


The WWU-CERT operates a central logging infrastructure for the evaluation of security-relevant events, a so-called Security Information and Event Management System (SIEM). It is used to detect and resolve security incidents and thus to protect the WWU. For this purpose, security-relevant information (e.g., logs) is compiled in the system and analyzed by the WWU-CERT for anomalies with regard to IT security. 
Various personal data are processed in the process, which is why it was decided to introduce the SIEM with the participation of the staff councils. 
The deployment and use of the SIEM is governed by a service agreement
Information on data being processed, storage periods, the technical structure and security measures, among other things, can be found in Appendix 1 of the service agreement.