Wikier

Information security

Information security - topic specific policies for Information Security

Norsk versjon: Informasjonssikkerhet - retningslinjer

Policies for different areas of application

The objectives of the Policy for information security are achieved through active work within organizational, human and technical action areas. The management system for information security safeguards the identified action areas and who has different responsibilities within each of them, through clear policies. Many of these policies are of an IT technical nature, and are assigned to the IT manager at NTNU as responsible for implementation. Other policies are more organizational and human-oriented, and deal with processes such as deviations, risk management and classification of information. All employees have a duty to participate.

All work on security culture and training will be in accordance with the internal requirements that the policies impose on managers and employees. The purpose is to make the management line better equipped to have an overview and control over their own information assets, and employees better able to safeguard the information security of these in their work processes and in their communication flow.

Topic specific policies for Information Security

The documents were approved by the Director of Organization and Infrastructure on 12 June 2023.

Policy for Access control

Policy for Classification of Information Assets

Policy for Cryptographic controls

Policy for Cyber security culture and training

Policy for Digital Incident Management and Disaster Recovery

Policy for Discrepancy Reporting and Discrepancy Processing in Information Security and Privacy

Policy for Information Security in Supplier Relations

Policy for network and information transfer

Policy for Operative Security

Policy for Risk management in information security

Policy for Securing Personal ICT Equipment

Policy for the processing of personal data

Contact information

Digital Security Section (security@ntnu.no)

Child Pages (11)

  • Access control - policy

    Policy for Access Control. Download pdf of the policy for access control Norwegian version - Retningslinje for tilgangskontroll Innholdsfortegnelse [-] Purpose Applies to General Principles...

  • Cryptographic controls - policy

    Policy for cryptographic controls. Download pdf of the policy for cryptographic controls Norwegian version - Retningslinje for kryptografiske kontrollere Innholdsfortegnelse [-] Purpose Applies to...

  • Cyber security culture and training - policy

    Policy for Cybersecurity culture and training. Download pdf of the policy for cybersecurity culture and training Norwegian version - Retningslinje for arbeid med sikkerhetskultur og opplæring...

  • Digital incident management and disaster recovery - policy

    Policy for Digital Incident Management and Disaster Recovery. Download pdf of the policy for Digital Incident Management and Disaster Recovery Norwegian version - Retningslinje for digital...

  • Discrepancy reporting and discrepancy processing in information security and privacy - policy

    Policy for Discrepancy reporting and discrepancy processing in information security and privacy Download pdf of the policy for Discrepancy reporting and discrepancy processing in information...

  • Information security in supplier relations - policy

    Policy for information security in supplier relations Download pdf of the Policy for information security in supplier relations Norwegian version - Retningslinje for informasjonssikkerhet i...

  • Network and information transfer - policy

    Policy for network and information transfer. Download a pdf of the Policy for network and information transfer Norwegian version - Retningslinje for Nettverks- og informasjonsoverføring...

  • Operative security - policy

    Policy for operative security. Download pdf of the Policy for operative security Norwegian version - Retningslinje for operativ sikkerhet Innholdsfortegnelse [-] Purpose Applies to General...

  • Processing of personal data - policy

    Policy for processing of personal data. Download a pdf of the policy for processing of personal data Norwegian version - Retningslinje for behandling av personopplysninger Innholdsfortegnelse [-]...

  • Risk management in information security - policy

    Policy for risk management in information security Download a pdf of the policy of risk management in information security Norwegian version - Retningslinje for risikostyring for...

  • Securing personal ICT equipment - policy

    Policy for securing personal ICT equipment Download a pdf of the policy for securing personal ICT equipment Norwegian version - Retningslinje for sikring av personlig IKT-utstyr Innholdsfortegnelse...