Local information security - STEP 1

The activities on STEP 1 focus on identifying critical information and information assets, any threats to those assets, and drawing up an action plan to ensure appropriate measures are in place.


Activities

The activities listed under STEP 1 are minimum requirements. If the risk assessment requires further measures, these will be carried out locally.

  • Clarify what systems and information you have and what threats they face.
  • Document the choices made in connection with the implemented security measures.
  • Plan emergency response initiatives.
  • Prepare and approve a plan for managing information security risks.
  • Manage and evaluate local security incidents.

Dealing with all risk at the same time is not necessarily a good idea. Choose what risks to focus on first, and focus on the others later.

Prior to implementing local information security activities, the unit must have a clear indication of precisely which area the unit covers - particularly if the goal is certification.

The area could be a faculty, a department/school or an administrative unit.