Informasjonssikkerhet for ansatte
Information Security
at NTNU
NTNU is daily a target by digital attacks, from many different sources. These threats are becoming more serious, both in Norway and around the world. To protect our information, all students and staff must help by building good security habits and staying aware of digital risks.
Best Practices and Tools for IT Security
When you work or study at NTNU, you have a daily responsibility to reflect on your actions and how you handle information. Use these tools to ensure good information security.
- Training Course in Information Security (Mandatory for all users at NTNU).
After activating your user account at NTNU, you will receive an email with a link to the course. The course is mandatory to ensure that everyone at NTNU shares a common foundational level of knowledge about information security and how to protect NTNU’s assets. - From Sikresiden.no - Preventive training in security
What should you store, and who should have access to the information you store?
NTNU offers a range of services for storing, sharing, and collaborating on information.
- Refer to the Data Storage Guide when working with research data.
- Visit the topic page on storage and collaboration when working with teaching or administrative tasks
Information security while travelling involves protecting digital devices and data from unauthorised access, loss, or damage. It is important to be aware of the risks and take precautions to minimise them.
Here are some measures you can take to improve information security while travelling:
You must classify the information you handle in order to choose the appropriate storage solution. All information requires different levels of protection, and it is your responsibility to assess this. The Policy for Classification of Information Assets explains how to categorise information based on its sensitivity.
NTNU uses the following confidentiality classification levels – each with a corresponding colour code:
- Open (green): May be shared freely
- Internal (yellow): Access limited to internal users
- Confidential (red): Access restricted to authorised individuals
- Strictly Confidential (black): Requires special protection and control
If you process personal data in your work, you must also familiarise yourself with the Policy of Processing of personal data and relevant legislation.
See the Privacy and GDPR overview page at NTNU for more information.
Systematic Review of Potential Risks
What could go wrong? Are existing measures sufficient, or does the unit need to implement new ones?
Information Security Management System
NTNU works systematically with information security. This work is governed by a dedicated management system that outlines what we must do and how we must do it. The system is based on the international ISO 27000 series standard and ensures that we continuously work to protect information.
The management system consists of three main components:
- ICT Regulations
The legal framework - Policy for information security
NTNU’s overarching goals and principles - Topic specific policies
Specific rules and advice on how staff and students should handle information securely
Other Governing Documents
Contact
Digital Security Section