Information classification - Work in progress

Information security aims to secure that risks, disturbances and threats directed towards university information resources are identified and handled to minimize negative consequences regarding availability, confidentiality and accuracy.

Information classification is the basis to give information the necessary protection. Information is classified by the function and importance it has and the consequences that will occur if the information is improperly handled, disappears, end up in the wrong hands, corrupted etc.

Risk and threat scenario analyses (rev. 2018-02-13).
Risk analyses gives the opportunity for a structured analysis of factors that might cause disturbances, as well as help selecting alternative methods to reduce risks.

See also our short nanolearning on information classification and analysis or the presentation from our workshop (2018-03-08)

• Instructions to evaluate information classes (PDF) "Bilaga 2" (Rev. 2018-02-08)
  Information classification is the bases of all information security. To know how to protect the information one must know what information is being processed. 
• Kravanalys (Excel) - the current state of the system. "Bilaga 3" (Rev. 2018-02-20)
• Konsekvensanalys (Word) Bilaga 1 (Rev. 2018-01-24)
• Riskanalys (Excel) Bilaga 4 (Rev. 2018-02-12)
• Mall för åtgärdsplan (Word) - slutrapport. Bilaga 5 (Rev. 2018-02-12)
• Mall för informationsklassning (Word) Bilaga 6 (Rev. 2018-02-13)
• Flödeschema för genomförande/rapportering av informationsklassning och kravanalys (PDF) Bilaga 7 (Rev. 2018-02-12)

Rutiner för säker informationshantering (PDF), inkl användning av molntjänster (Rev. 2018-03-23)

Instructions for information classification (PDF). With the instructions come:

• Instructions to evaluate information classes (PDF)
• Form for information classification

Risk and threat scenario analyses

Risk and threat scenario instructions. With these instructions come:

• Instructions for security and vulnerability analyses (PDF)
• Security and vulnerability form (PDF)

Self control checklists for IT-systems

Instructions on how to work with the checklist. With the instructions come:

• Checklist
• Finished report form
• Action plan

IT security

Information regarding technical security, system configurations, how to protect your computer, malware, how to report IT security incidentes etc.

Risk management

Risk management process with yearly reports

Information - written, spoken, in electronic form, all kinds of research data, examinations etc - is an asset that, like physical properties and personnell is vital to to maintain the university activities.

Content owner: Veronika Berglund 20 september 2018