Basic steps in information security

On this page, you can learn about four essential steps for classifying information and identifying risks and appropriate measures. By following these steps, you contribute to safe and secure information management at KI.

In order to achieve a balanced and appropriate level of information security, we need to make informed decisions based on the organisation’s needs and risk assessments. This involves choosing the right solutions and routines without unnecessary cost or complexity.

If you are responsible for areas such as research projects, development initiatives, procurement, IT operations, administration, or the establishment of new collaborative bodies, you must assess the need for security measures.

Four steps to follow:

Classify information

Classify information and other information assets by assessing how important and sensitive they are to the organisation, in terms of confidentiality, integrity, and availability. Learn more about information classification.

Identify and analyse risks

A risk analysis is a structured method for identifying and evaluating risks, and potentially implementing measures related to a specific area, organisation, activity, process, or project. Support materials and templates are available to assist you.

Identify requirements and security measures

Identify, define, and implement appropriate security measures. A support method to help identify suitable security controls is currently under development.

Continuous evaluation and follow-up

To ensure that systems, data, and routines remain secure, we carry out regular evaluations and follow-ups of implemented security measures. 

Policy

KI's Information security policy is available on the Swedish version of this page.