New regulations on information security
On 1 October, updated regulations came into effect for public authorities’ information security that affect the University. The new requirements are considerably stricter and more detailed than the previous version and are in line with the Government’s remit to the Swedish Civil Contingencies Agency (MSB).
MSB’s regulations cover, among other things, requirements for security measures to:
- Ensure that staff process information in a secure way
- Impede unauthorised access to information on the public authority’s premises
- Manage incidents and events
- Maintain continuity during incidents and crises
In parallel with these updated requirements, completely new regulations come into effect on security measures in information systems for public authorities. Here, MSB clarifies security measures that public authorities are to take in their technical IT environment and that a risk analysis is to be carried out to assess whether further security measures are to be introduced.
What does this mean for Lund University?
The University’s work on putting new working methods and procedures in place to protect information and data is proceeding after a restart last year. In the next few months, Chief Security Information Officer, CISO will, among other things, invite faculty managements and managers to an introductory meeting. The aim is to introduce and create a consensus for a new systematic and risk-based working method and support for helping the organisation. Secure processing of information and data is a condition for high quality in both research and education. Threats and risks are increasing rapidly and the demand for help and support is already considerable.
Chief Information Security Officer, CISO
E-mail: ingegerd [dot] wirehed [at] ldc [dot] lu [dot] se