Information Security
PROTECT YOUR ASSETS
Information constitutes a fundamental building block within an organization, akin to personnel, premises, and equipment. Through systematic efforts in information security, organizations can enhance the quality and trustworthiness of their operations. Adhering to established standards in information security work significantly improves the likelihood of successful outcomes.
Information security is much more than just IT security. It encompasses, for example, authorizations and procedures, and it covers not only data in IT systems but also information in other forms, such as documents, maps, drawings, etc., as well as who has what knowledge. Even such diverse things as physical protection and attitudes toward Protective Security are part of information security. Work on information security therefore involves introducing and managing administrative regulations such as policies and guidelines, technical protection including firewalls and encryption, and physical protection such as perimeter and fire protection. It is about taking a holistic approach and creating a functioning long-term working method to give the organization's information the protection it needs.
Information Security Management System, ISMS according to SS-ISO/IEC 27000
Structured information security work is a prerequisite for robust information security. The Swedish Civil Contingencies Agency (MSB) stipulates in the Act on Information Security for Essential and Digital Services (SFS 2018:1174) and the government has issued an ordinance (2018:1175) linked to this act, requiring operators of essential services to comply with the NIS Directive. This implies, among other things, that “Providers of essential services shall conduct systematic and risk-based information security work concerning the network and information systems they use to provide essential services.”
The Swedish Civil Contingencies Agency (MSB) stipulates in MSBFS 2020:6, Swedish Civil Contingencies Agency's Regulations on Information Security for Government Agencies, and MSBFS 2020:7, Swedish Civil Contingencies Agency's Regulations on Security Measures in Information Systems for Government Agencies, that government agencies shall adhere to the Swedish and international standard series SS-ISO/IEC 27000. This constitutes a management system where the security level is based on a business-specific risk analysis, and where information security efforts follow a clear process.
Government agencies are also obligated to report IT security incidents.
Technical IT Security
Our partner, Säkerhetskontoret, specializes in technically complex analyses, as achieving adequate security necessitates a holistic approach.
When conducting a penetration test, they leverage profound technical knowledge, often delving deep rather than merely scanning superficially for trivial vulnerabilities. They meticulously review source code, scrutinize architectures, and analyze patent- or copyright-protected cryptographic solutions. Should a client experience an intrusion, they can analyze the malicious code to ascertain the attacker's objectives.
Further information is available at informationssäkerhet.se. GovSec can assist you with the implementation of the standards and requirements stipulated in the regulatory frameworks.