At the Zurich University of Applied Sciences security turns into a daily business increasingly more often. Networks, information systems and applications are made much safer. Due to the fact that a lot of new intrusions, viruses and other destructive activities have been publicized and different imitators act as hackers, it is extremely important to be protected against such attacks for any entrepreneur.

This study should show if there are vulnerabilities und how they could be exploited. We launched different attacks on the ZHW Staff Net, a zone we expected to be protected:

• Phishing - Man-in-the-Middle-Attack - WarWalking - Hiding a WLAN Access Point - WLAN cracking - Vulnerability Scan - Keylogging - Redirecting Printers - Switch Hijacking - Social Engineering on the phone

Having performed these attacks we started a vulnerability analysis from the point of view of the ZHW, in which the security gaps are systematically and accurately analyzed. Among other things, the response to a critical incident is looked into.

Because security is not only a feature of technical areas, we analyzed also the organizational aspect of warding off our attacks. IT strategy and IT security are elements of this organization. Furthermore, the available or, in some cases, non-existing policies and instructions of the departments are analyzed. By questioning several IT officials with standardized checklists, a structured overview of the procedures and commonly used processes within the ZHW IT sector could be established.

In the last part of our study, the collected information on the technical and organizational security aspects serve us as input for our recommended measures to eliminate the vulnerabilities and to support the development of an overall ZHW IT strategy.