Ensure compliance with current laws, regulations and guidelines.
Comply with requirements for confidentiality, integrity and availability for employees, students and other users.
Establish controls for protecting information and information systems against theft, abuse and other forms of harm and loss.
Motivate administrators and employees to maintain he responsibility for, ownership of and knowledge about information security, in order to minimize the risk of security incidents.
Ensure that is capable of continuing their services even if major security incidents occur.
Ensure the protection of personal data (Privacy).
Ensure the availability and reliability of the network infrastructure and the services supplied and operated by.
Comply with methods from international standards for information security ISO/IEC27001.
Ensure that external service providers comply with information security needs and requirements.
Ensure flexibility and an acceptable level of security for accessing information system from off campus.
Current Business strategy and framework for risk management are the guidelines for identifying, assessing, evaluation and controlling information related risk through establishing and maintaining the information security policy (this document). It has been decided that information security is to be ensured by the policy for information security and a set of underlying and supplemental documents. In order secure operations at even after serious incidents, shall ensure the availability of continuity plans, backup procedures, defense against damaging code and malicious activities, system and information access control, incident management and reporting. The term information security is related to the following basic concepts:
Confidentially: The property that information is not made available or disclosed to unauthorized individuals, entities or processes.
Integrity: The property of safeguarding the accuracy and completeness of assets.
Availability: The property of being accessible and usable upon demand by an authorized entity.
Some of the most critical aspects supporting activities are availability and reliability for network, infrastructure and services. Practices openness and principles of public disclosure, but will in certain situations prioritize confidentiality over availability and integrity. Every user of information systems shall comply with thus information security policy. Violation of this policy and of relevant security requirements will therefore constitute a breach of trust between the user and may have consequences for employment or contractual relationships.