Skip to main content
  • Paul Scherrer Institut PSI
  • PSI Research, Labs & User Services

Digital User Office

  • Digital User Office
  • DE
  • EN
  • FR
Paul Scherrer Institut (PSI)
Search
Paul Scherrer Institut (PSI)

Hauptnavigation

  • Our ResearchOpen mainmenu item
    • Current topics from our research
    • Future Technologies
    • Health Innovation
    • Energy and Climate
    • Fundamentals of Nature
    • Large Research Facilities
    • Brochures
    • 5232 — The magazine of the Paul Scherrer Institute
    • Research Divisions & Labs (only english)
  • IndustryOpen mainmenu item
    • Overview
    • Technology Transfer
    • Expertise
    • Spin-off Companies
    • Park Innovaare
  • Proton TherapyOpen mainmenu item
    • Overview
    • Physician & Patient Information
  • CareerOpen mainmenu item
    • Overview
    • Job Opportunities
    • Working at PSI
    • Personnel Policy
    • Equal Opportunities, Diversity & Inclusion
    • Training and Further Education
    • Vocational Training
    • PSI Education Centre
    • Career Center
    • Support Program "PSI Career Return Program"
    • PSI-FELLOW/COFUND
  • Visit to PSIOpen mainmenu item
    • Overview
    • Visitor Centre psi forum
    • Schülerlabor iLab
    • Public Events
    • How to find us
  • About PSIOpen mainmenu item
    • PSI in brief
    • Strategy
    • Guiding principles
    • Facts and figures
    • Organisational structure
    • For the media
    • Suppliers and customers
    • Customers E-Billing
  • DE
  • EN
  • FR

Digital User Office (mobile)

  • Digital User Office

You are here:

  1. PSI Home
  2. About PSI
  3. Computing
  4. IT Security

Secondary navigation

Computing

  • IT ServiceDesk
  • Services
    • PSI Pocket
    • Videoconference
    • Email
    • Connection and Logins
      • SSH Hop
      • VPN
      • Onsite Internet
      • WLAN
    • Data Transfer/CVS
      • FTP
      • AFS
      • Subversion CVS
    • Items for Rent
  • Security/Regulations
  • IT in der Forschung
  • Quicklinks
  • About Us
  • Contact

IT Security

At PSI, users are responsible to be security conscious and adopt the computing security rules not just to protect their own systems and data, but to help protect the PSI community.

It is essential that you read and comply with the following IT House Rules at PSI. This also applies to guests and users who use PSI computing resources from home or other internet sources.

IT House Rules at PSI1

1. Adhere to applicable rules

  • Inform yourself regarding the applicable rules, especially the Usage and Monitoring of IT Resources at PSI (Rev 1) / Nutzung und Überwachung der EDV-Ressourcen am PSI (Rev 1)
  • Be aware that you are responsible for your actions.
  • Respect privacy of others.

2. Avoid the misuse of systems and passwords

  • Select passwords which are difficult to guess. Keep them secret and observe password rules.
  • Use a password-protected screen saver whenever you leave your workplace.
  • Logout or turn off computers when you are absent or do not need to use the system.

3. Think and act with foresight

  • Make sure virus scanner software is being updated regularly. Never disable such security features.
  • Ensure that systems and applications are updated to current level (patches, updates, etc.).
  • Turn off unnecessary applications and services if you don't need them for your work.

4. Handle information and systems with care

  • Don‘t leave mobile devices (laptop, PDA,GSM, etc.) unattended.
  • Protect important information (such as personal data) from misuse.
  • Regularly backup important data in a safe place.

5. Use only legally obtained (licensed) products

  • Respect copyright and license restrictions of applications and data.
  • Use only programs and data for which you are authorized and for their intended use.

6. Use email and Internet cautiously

  • Never forget that e-mails can include links to unsafe web sites or that email attachments can include potentially harmful programs (Malware).
  • Programs and data downloaded from the Internet should be handled with care and with adherence to contractual terms of the product.

7. Report incidents immediately

  • Consider offenses against integrity and confidentiality as an incident.
  • Report security relevant incidents to the PSI Helpdesk.
  • Report (possible) virus infections to the PSI Helpdesk.

Notes:

  1. based on the IT House Rules at ETH Zurich safeIT / A security awareness program at ETH Zurich.

IT Policies

Policy Type Policy Name
ISSP (Information Systems Security Policy)
  • AW-11-16-01 Weisung zur Informationssicherheit am PSI
  • AW-11-18-01 Aufgaben der Informationssicherheitsbeauftragten am PSI
AUP (Acceptable Use Policy)
  • AW-95-06-01-rev2 Nutzung und Überwachung der EDV-Ressourcen am PSI
Data Classification / Data Policy
  • AW-11-16-01 Weisung zur Informationssicherheit am PSI    
  • AW-11-16-05 Data Policy for PSI Research Data
Roles and Responsibilities
  • AW-11-16-01 Weisung zur Informationssicherheit am PSI
Risk Management
  • RL-11-14-01 Risikomanagement am PSI

 

5 Steps to Work Securely from Home

 

1. You

First and foremost, technology alone cannot fully protect you – you are the best defence. Attackers have learned that the easiest way to get what they want is to target you, rather than your computer or other devices. If they want your password, work data or control of your computer, they’ll attempt to trick you into giving it to them, often by creating a sense of urgency. For example, they can call you pretending to be Microsoft technical support and claim that your computer is infected. Or perhaps they send you an email warning that a package could not be delivered, fooling you into clicking on a malicious link.

The most common indicators of a social engineering attack include:

  • Someone creating a tremendous sense of urgency, often through fear, intimidation, a crisis or an important deadline.
  • Pressure to bypass or ignore security policies or procedures, or an offer too good to be true (no, you did not win the lottery!).
  • A message from a friend or co-worker in which the signature, tone of voice or wording does not sound like them.

Ultimately, the best defence against these attacks is you.

2. Home Network

Almost every home network starts with a wireless (often called Wi-Fi) network. This is what enables all of your devices to connect to the Internet. Most home wireless networks are controlled by your Internet router or a separate, dedicated wireless access point. Both work in the same way: by broadcasting wireless signals to which home devices connect. This means securing your wireless network is a key part of protecting your home.

We recommend the following steps to secure it:

  • Change the default administrator password: The administrator account is what allows you to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer has provided.
  • Allow only people that you trust: Do this by enabling strong security so that only people you trust can connect to your wireless network. Strong security will require a password for anyone to connect to your wireless network. It will encrypt their activity once they are connected.
  • Make passwords strong: The passwords people use to connect to your wireless network must be strong and different from the administrator password. Remember, you only need to enter the password once for each of your devices, as they store and remember the password.

Not sure, how to do these steps?

Ask your Internet Service Provider, check their website, check the documentation that came with your wireless access point, or refer to the vendor’s website.

3. Passwords

When a site asks you to create a password, create a strong password: the more characters it has, the stronger it is. Using a passphrase is one of the simplest ways to ensure that you have a strong password. A passphrase is nothing more than a password made up of multiple words, such as “bee honey bourbon.” Using a unique passphrase means using a different one for each device Passwords or online account. This way if one passphrase is compromised, all of your other accounts and devices are still safe.

Can’t remember all those passphrases?

Use a password manager, which is a specialized program that securely stores all your passphrases in an encrypted format (and has lots of other great features, too!). Finally, enable two-step verification (also called two-factor or multi-factor authentication) whenever possible. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app that generates the code for you. Two-step verification is probably the most important step you can take to protect your online accounts and it’s much easier than you may think.

4. Updates

Cyber attackers are constantly looking for new vulnerabilities in the software your devices use. When they discover vulnerabilities, they use special programs to exploit them and hack into the devices you are using. Meanwhile, the companies that created the software for these devices are hard at work fixing them by releasing updates. By ensuring your computers and mobile devices install these updates promptly, you make it much harder for someone to hack you. To stay current, simply enable automatic updating whenever possible. This rule applies to almost any technology connected to a network, including not only your work devices but Internet-connected TV’s, baby monitors, security cameras, home routers, gaming consoles or even your car.

Make sure each of your computers, mobile devices, programms and apps are running the latest version of its software.

5. Kids & Guests

Something you most likely don’t have to worry about at the office is children, guests or other family members using your work laptop or other work devices. They can accidentally erase or modify information, or, perhaps even worse, accidentally infect the device.

Make sure family and friends understand they cannot use your work devices.

Sidebar

Contact

Service Desk is your single point of contact

  1. Consumer Self Service Portal
    help us to help you better
  2. Email: Contact servicedesk@psi.ch (Attention: you need to confirm that data is complete in CSS)
  3. Phone 4800 resp. +41 56 310 4800

Useful Links

  • General Security Informations (from BSI, German)
  • News about threats (from BSI, German)
  • Home Network Security(CERT Coordination Center, English)
  • safeIT / A security awareness program at ETH Zurich (ETH Zurich, EN/DE)
top

Footer

Paul Scherrer Institut

Forschungsstrasse 111
5232 Villigen PSI
Switzerland

Telephone: +41 56 310 21 11
Telefax: +41 56 310 21 99

How to find us
Contact

Visitor Centre psi forum
School Lab iLab (in German)
Center for Proton Therapy
PSI Education Centre
PSI Guest House
PSI Gastronomie (in German)
psi forum shop

Service & Support

  • Phone Book
  • User Office
  • Accelerator Status
  • PSI Publications
  • Suppliers
  • E-Billing
  • Computing
  • Safety (in German)

Career

  • Working at PSI
  • Job Opportunities
  • Training and further education
  • Career Center
  • Vocational Training (in German)
  • PSI Education Center

For the media

  • PSI in brief
  • Facts and Figures
  • Media corner
  • Media Releases
  • Social Media

Follow us: Twitter (in English) LinkedIn Youtube Facebook Instagram Issuu RSS

Footer legal

  • Imprint
  • Terms and Conditions
  • Editors' login