Information security
Information Security
at NTNU

Best Practices and Tools for IT Security
When you work or study at NTNU, you have a daily responsibility to reflect on your actions and how you handle information. Use these tools to ensure good information security.
- Training Course in Information Security (Mandatory for all users at NTNU).
After activating your user account at NTNU, you will receive an email with a link to the course. The course is mandatory to ensure that everyone at NTNU shares a common foundational level of knowledge about information security and how to protect NTNU’s assets. - From Sikresiden.no - Preventive training in security
What should you store, and who should have access to the information you store?
NTNU offers a range of services for storing, sharing, and collaborating on information.
- Refer to the Data Storage Guide when working with research data.
- Visit the topic page on storage and collaboration when working with teaching or administrative tasks
Information security while travelling involves protecting digital devices and data from unauthorised access, loss, or damage. It is important to be aware of the risks and take precautions to minimise them.
Here are some measures you can take to improve information security while travelling:
You must classify the information you handle in order to choose the appropriate storage solution. All information requires different levels of protection, and it is your responsibility to assess this. The Policy for Classification of Information Assets explains how to categorise information based on its sensitivity.
NTNU uses the following confidentiality classification levels – each with a corresponding colour code:
- Open (green): May be shared freely
- Internal (yellow): Access limited to internal users
- Confidential (red): Access restricted to authorised individuals
- Strictly Confidential (black): Requires special protection and control
If you process personal data in your work, you must also familiarise yourself with the Policy of Processing of personal data and relevant legislation.
See the Privacy and GDPR overview page at NTNU for more information.
Systematic Review of Potential Risks
What could go wrong? Are existing measures sufficient, or does the unit need to implement new ones?
Personal data is all information that can be linked to a person, and is a type of information value that has special requirements for handling.
NTNU has ICT regulations and a policy for information security. The documents form the framework for a management system that describes laws, rules and routines for information security
E-learning course: Information security for managers (in Norwegian)
Contact
Digital Security Section