how do i protect my research
TRANSCRIPT
www.gu.se
www.gu.se
The Importance of Information Security in our research.
www.gu.se
The Importance of Information Security in our research.
www.gu.se
The Importance of Information Security in our research.
www.gu.se
The Importance of Information Security in our research.
www.gu.se
The Importance of Information Security in our research.
www.gu.se
The Importance of Information Security in our research.
www.gu.se
MSB – Swedish Civil Contingencies AgencyRegulations on information security at government authorities (MSBFS 2009:10) it states: • government authorities must apply a management system for information
security.
• Agencies should work in a ”structured way”
• Policies and other governing documents
• requirement for authorities to classify their information,
• to identify and manage risks,
• and to continually evaluate and improve their security.
”Good Information Security” is a tool to comply with rules and regulations
www.gu.se
GU:s rules for IT Security
• Everyone is responsible for the security within their role and function.
• Regulations for IT-security are there to support- Rules for use- Information classification- Procurement of systems and system development- Operation and Maintanence- Security Measures for IT equipment and systems
http://www.sakerhet.gu.se/
www.gu.se
Information has many shapes
www.gu.se
INFORMATION CLASSIFICATION-
the first step is to find the right level of security
www.gu.se
• the classification provides guidance for how information should be managed.
• One way to reach ”correct” level of security measures.
• All information does not need the same amount of protection
Why do we need to classify information?
www.gu.se
Criteria for information classification
• Confidentiality refers to the information not being made available or revealed to unauthorised persons.
• Integrity refers to the information not being amended or corrupted unintentionally, or by unauthorised persons.
• Availability refers to the information being available to authorised users when needed.
www.gu.se
www.gu.se
Information Classification• Information classification should ensure that the information is
assigned an appropriate level of protection. Also consider, the consequences if information would be lost, changed, handled incorrectly or end up in the wrong place.
• The owner of the information is responsible for the classification.
• A systemowner is responsible for classifying their system
• Classification is done by the criteria confidentiality, integrity and availability.
www.gu.se
www.gu.se
www.gu.se
How do I protect my information?
• Classify your information and decide access rights
• Save your information on a server that is in a protected environment• Don’t create your own wireless networks
• Protect (lock valuable information when leaving).
• Are there strangers in the premises. Say hello!
• Consider how printers are placed. Could anyone that is not suitable obtain (or read) the information?
• Consider what kind of paper you are throwing in recycle
www.gu.se
The portable information• Do not leave the computer in the car, on the bus and so on.
• Working from home? Use VPN or other secure connection.
• USB, is EASY to loose and forget
• Make sure to backup if you are not connected to the network or central repository.
• Travel security: USA can confiscate your machine in customs.
www.gu.se
Peter Larsson
Information Security [email protected]
Tel 786 4577
http://www.sakerhet.gu.se/
www.gu.se
GU
Extrema organisationer
Stöld avutrustningmm
Ekonomiskbrottslighet
Utlämnande av personuppgifter Missnöjd
anställd/student
Spridning av känslig spets-kompetens
Utförsel av känslig utrustning
Olovlig informations-inhämtning
Risker i arbetsmiljö
www.gu.se
Varförrisk- och säkerhets-
Arbete?
Universitetetsimage
Trygg ochsäkerarbetsplats
Förvaltareav stora värden
Kvalité Kostnadseffektiv
Säker uppdrags-tagare
SäkerSamverkans-partner