The University is affected on a daily basis by events that negatively affect our information security, but only a very small proportion of all incidents are reported, mainly in IT. However, it is essential that other incidents are also reported in order for the damage to be reduced and remedied and to ensure better security measures can be introduced.
There are legal requirements placed on us as a public authority to handle serious information security incidents. There are also requirements to report certain IT and personal data-related incidents to parties outside the University.
During the autumn of 2020, one new initiative was launched to gradually put in place comprehensive reporting channels, procedures and processes concerning incident management.
This initiative are to help:
- provide support for employees in identifying, reporting, highlighting and managing events and incidents that adversely affect information security
- produce continuous reporting to management and other roles as a basis for priorities and measures
- raise awareness of the importance of information security and the right security culture – "It's OK to report something that has gone wrong"
anders [dot] sj%C3%B6%C3%B6 [at] ldc [dot] lu [dot] se (Anders Sjöö) has been appointed to manage this initiative on behalf of the CISO (chief information security officer). In the long term, the goal is to involve all parts of the University. Anders will invite selected groups, faculties and organisations to take part in the initiatives.