Vi samler statistik ved hjælp af cookies for at forbedre brugeroplevelsen.

Vi begynder dog først, når du klikker dig videre til næste side.

Læs mere om cookies

 

Towards improved risk management and information security in central government

28-02-2015 Column

For many Danes, digitisation is synonymous with making daily life easier, where contact with the public sector can fit in with other day-to-day errands. Digitisation, however, also makes us vulnerable to cyber criminals wishing to exploit our high level of digital activity in order to commit, for example, identity theft or money fraud.

We regularly receive examples of authentic-looking scam e-mails, in which Danish citizens are encouraged to send their confidential NemID details (NemID is the Danish public sector digital signature solution). Fortunately, the vast majority of Danes know they should not reply to these mails, but simply delete them.

It is crucial for continued public confidence that we in the public sector safeguard people’s data and ensure that the information is not misused. With this in mind, the Danish Government launched a national strategy for cyber and information security in December, which we at the Agency for Digitisation will have a significant role to play in implementing. With the Strategy for Cyber and Information Security, the Government’s aim is to maintain and strengthen public and corporate confidence in Denmark remaining a country where it is safe and secure to use digital services.

Our contribution is to professionalise central government efforts to enhance risk management and information security. For example, we are currently developing a new supervisory concept for the public sector that will provide government ministries with a better overview of their ICT supervision and thus prevent critical incidents where, for example, the data of citizens become exposed. Within this framework, the ministries will receive instructions on how to improve their supervision of ICT use and information security by means of the internationally recognised security standard ISO27001, protective measures against cyber threats, etc. These are just some of our initiatives designed to enhance the ability of public authorities to safeguard the data of Danish citizens.

Information security will naturally also be an important focus area in the next public sector digitisation strategy, which we have now begun work on preparing. This work will also focus on information security in regions and municipalities. Already this year we will start preparing an information campaign aimed at raising security awareness among citizens and businesses. The initiatives comprise, among other things, a campaign to increase knowledge about cyber and information security in Danish primary and lower secondary schools in order to make Danish citizens aware at an early age that they also have a responsibility to safeguard themselves and their data.

We cannot possibly deliver this difficult agenda on our own, and therefore we collaborate broadly across the public sector and with important private actors, such as banks. This collaboration will be strengthened in the years ahead.

Lars Frelle-Petersen