
Swedish National Audit Office: This is how we in practice can create a safer Sweden and safer citizens

Information security in the state administration is not at an acceptable level, according to a report from the Swedish National Audit Office, Riksrevisionen. These flaws can have serious consequences for society.

Here are ten steps to effectively secure Swedish authorities - and also protect Swedish residents while making authorities more accessible to citizens.

1. Create traceability - who has done what in public IT systems? Find a balance between the monitoring of employees and citizens and the effect it has.

2. Determine which users have access to which IT systems, and which systems have access to other systems. For example: Which alarm systems can communicate with other systems, and can certain medical devices talk to other systems or appliances?

3. Define and control what kind of software may be used. Old software is always less secure than newer versions.

4. Use a good management system that monitors compliance.

5. Find the right level of IT security. It is entirely dependent on what kind of information is being processed. Military and intelligence data must be kept safe from intruders while information contained in other state authorities should be properly classified and publicly available.

6. Don’t forget the life cycle management of IT systems, staff and hardware. If a public employee leaves a position and the computer is sent for destruction but is still valid in the system, it is easy for unauthorized persons to use the computer to log on to the authority’s internal IT systems.

7. Use technology that simplifies and speeds up tedious and time-consuming procedures. Poor usability makes users fail to follow the security procedures.

8. Handle identities in an automated and secure way. Passwords can easily be used by unauthorized persons, while physical ID cards or card readers are often too complicated to use. Solutions like mobile BankID enhance compliance with safety procedures because the solution is simple and easy for the user.

9. And do not forget that IT security is an investment - not a cost. Modern history is full of very costly and dangerous intrusions.

10. In addition: in the same way that good environmental performance can boost your reputation, cybersecurity can be used as a confidence gauge. Who wants to go to a medical center that is messing with the patient's medical record, or who trusts an authority that is careless with personal information?

/Fredrik Åhgren

Product specialist, Nexus
