Swedish National Audit Office: This is how we can, in practice, create a safer Sweden and safer citizens

Information security in the state administration is not at an acceptable level, according to a report from the Swedish National Audit Office (Riksrevisionen). These flaws can have serious consequences for society.

Here are ten steps to effectively secure Swedish authorities - and also protect Swedish residents while making authorities more accessible to citizens.

1. Create traceability - who has done what in public IT systems? Find a balance between the monitoring of employees and citizens and the effect that monitoring has.

2. Determine which users have access to which IT systems, and which systems have access to other systems. For example: Which alarm systems can communicate with other systems, and can certain medical devices talk to other systems or appliances?

3. Define and control what kind of software may be used. Old software is always less secure than newer versions.

4. Use a good management system that monitors compliance.

5. Find the right level of IT security. It depends entirely on what kind of information is being processed. Military and intelligence data must be kept safe from intruders, while information held by other state authorities should be properly classified and publicly available.

6. Don’t forget the life cycle management of IT systems, staff and hardware. If a public employee leaves a position and the computer is sent for destruction but is still valid in the system, it is easy for unauthorized persons to use the computer to log on to the authority’s internal IT systems.

7. Use technology that simplifies and speeds up tedious and time-consuming procedures. Poor usability makes users fail to follow security procedures.

8. Handle identities in an automated and secure way. Passwords can easily be used by unauthorized persons, while physical ID cards or card readers are often too complicated to use. Solutions like mobile BankID enhance compliance with safety procedures because the solution is simple and easy for the user.

9. And do not forget that IT security is an investment - not a cost. Modern history is full of very costly and dangerous intrusions.

10. In addition: in the same way that good environmental performance can boost your reputation, cybersecurity can be used as a confidence gauge. Who wants to go to a medical center that is messing with the patient's medical record, or who trusts an authority that is careless with personal information?

/Fredrik Åhgren
Product specialist, Nexus
