Information security

In your work or your assignment – either as an employee, researcher or student – you both produce and have access to large amounts of information and data. It needs to be accurate and available when you need it.

In its role as a public authority, the University has a responsibility to enable and ensure the secure handling and preservation of information. The purpose of information security work is to protect the agency's information, regardless of whether it is handled by individuals or whether it is processed using the university's various IT systems. Citizens, companies and other authorities must feel confident that the University handles and, where applicable, stores its information correctly and securely.

The objective of information security work is to ensure:

Accuracy – information and systems must be in the expected and correct state;
Accessibility – information and systems must be available to authorised users;
Confidentiality – only authorised users should have access to information and systems.
Traceability – that it is possible to follow how and when the information has been handled and communicated.

Deficiencies in information security can mean that you as an individual have problems or delays in your daily work. But the consequences can be greater than that. Systematic and risk-based information security work is required, both at management level and as a natural part of everyone's daily routines, to minimize the risk of incorrect research results or being hit with fines due to violations of the law of, for example, the General Data Protection Regulation. Good information security work is also important in order not to risk violations of the personal integrity of individuals or damaged trust in the University.

Responsibility
Information protection includes digital, written, and spoken information.

The Security Department is responsible for cyber and information security, in collaboration with the IT Division. However, information security is everyone's responsibility. As an employee of the University, you are responsible for ensuring that the information you process is handled correctly and securely. Managers at all levels are responsible for information security in their department and for ensuring that employees take part in information and training to maintain a secure and efficient information supply.

Management
The Board and the Vice-Chancellor are ultimately responsible for information security. The Rector makes decisions on the University's governing documents and information security management systems. It describes how the work is to be conducted and risks are managed at the University.

Staff and students
Each individual employee and student is responsible for handling information and data in a secure manner. This means that you should store and store your documents safely and do not speak loudly about sensitive information on trains or buses, for example. You should lock your computer when you leave it, make sure it is kept up to date and store it in a theft-proof way. The same applies to your service phone, which must be kept up to date and only used for work purposes according to existing guidelines.

Training

Digital information security training for all, Disa, on MSB's website (about 25 minutes) - link to training "DISA"
"Think safe" on MSB's website - link to education "Think safe"
GDPR training for all employees who handle personal data in their daily work. The training is given via Moodle. Click here for the training in Swedish or here for the training in English