by Inger Anne Tøndel, 27 June 2014,
The assessment was performed with the help of focus groups in which a total of 18 organisations were represented.The groups discussed how activities related to information security are carried out today, and how they envisage future needs. Moreover, a survey was carried out to investigate the use of management systems in connection with information security. The assessment is intended to provide Difi with a basis for prioritisation of its activities.
A summary has been prepared of the assessment's most important findings. Focus group members highlight the importance of achieving effective communication in connection with, and broad participation in activities linked to, information security. For example, they feel that participation in a risk assessment process raises awareness of the importance of information security. It is essential to learn lessons from things that work well. The key issues which represent challenges today are:
- establishing an understanding of the nature of the risks linked to information security
- integrating information security with the goals of the organisation in question
- acquiring and maintaining expertise in the field of information security
- safeguarding information security effectively during the development of IT systems
Further information about the results of the assessment can be found on the Difi website.
This article was originally posted on the INFOSEC blog, run by researchers at SINTEF ICT.