Cyberattacks pose a constant threat: Seven focus areas to improve cybersecurity at AU

Hacking attempts, espionage and data theft. Universities face many cyber threats, which is why AU is stepping up its cybersecurity efforts with a four-year programme that includes seven focus areas. One of them involves fostering a culture of cybersecurity at the university.

A new programme with seven focus areas will improve cybersecurity at AU. Photo: Colourbox

Between now and 2027, AU will ramp up its cybersecurity efforts with a four-year programme and a range of initiatives across all faculties and administrative units. The first initiatives will be launched in May.

The Danish Centre for Cyber Security has assessed the cyberthreat against Denmark as very high, and universities are recognised as prime targets for cyber criminals – research and data are valuable and can be used for harmful purposes if they fall into the wrong hands.

The seven focus areas, which have now been approved by the senior management team, are designed to reduce the risk of serious cyberattacks against the university. They include both technical and organisational measures as well as the recommendation to promote a culture of cybersecurity among staff and students.

Cybersecurity is about technology and behaviour

Deputy director for AU IT, Peter Bruun, emphasises that all members of staff have to play their part to ensure a high level of information security at AU.

“From an IT point of view, we can do a lot to secure AU’s systems and fortify our processes to protect the university against cyberattacks. But cybersecurity is not something we can achieve in the IT department alone. If we want to improve our cybersecurity, we need to make it an integral part of our work processes and have a clear sense of how we can all play a role. Fostering a culture of cybersecurity at the university is therefore one of the central initiatives in this new programme, and it involves everything from how we process data to how we manage our passwords and how we open files,” says Peter Bruun.

The programme will be led by a steering committee made up of representatives from all five faculties, AU IT, AU Student Administration and Services, and AU Research – and the initiatives in the programme will range from specific projects to the ongoing administration of AU systems. 

Each focus area will be scheduled and organised independently.

Risk statements as a management tool

The focus areas have been selected based on a number of risk statements, which have been discussed and approved by the senior management team and approved by the AU Board. These risk statements define the university’s risk tolerance level and describe how security should be balanced against other factors, such as the freedom to use IT equipment to conduct research. University Director Kristian Thorn explains that the risk statements will act as a management tool for the focus areas.

“The risk statements help to describe AU’s risk tolerance level based on some very specific scenarios that include several factors we have to balance, such as academic freedom, which we value highly. AU will have to allocate more resources to IT security in the coming years, both at the academic departments and in the administration, so it’s vital that our expenditure and measures reflect the consequences of the risks we’re facing,” he says.

From May this year, management representatives from the departments and schools, research areas and administrative divisions will be invited to take part in introductory meetings, where the information security department at AU will explain more about risk tolerance and risk statements and recommend ways to manage the programme’s initiatives to increase cybersecurity in practice.

See more about AU's programme for improved cybersecurity (The page is ip protected)