Information security

Have you been scammed, hacked or had anything stolen? 

Contact sikkerhet@oslomet.no immediately if there is a suspicion of data fraud and hacking. 

What to report? 

• data fraud (phishing, ransomware virus, etc.) and sensitive information going astray 

• failures or deficiencies in safety routines or technical safety measures 

• stolen equipment 

• violation of laws, regulations and internal routines 

Read more about lost or stolen information or equipment on sikresiden.no. 

The safety instructions are OsloMet's guidelines for how to best secure equipment, information and OsloMet's property. 

Sikresiden.no also contains information on handling security and preventive measures at OsloMet. 

Personal information can be a picture, video, audio recording or text. Everyone who processes information on behalf of OsloMet must know the routines and follow them. 

• Privacy at OsloMet 

• GDPR - What does it mean for me? 

A risk assessment must be made for all processing of personal data, read more about risk assessment. 

It must also be considered whether a Privacy Impact Assessment (DPIA) should be carried out in all processing of personal data. 

As an employee, it is essential that you can classify your information. The classification lays the foundation for all further treatment. You will find the information you need at ansatt.oslomet.no/klassifisering. 

Familiarize yourself with the rules that apply to storage, encryption and transmission: 

• Storage guide 
• Encryption 
• Secure sending of files and documents 

Password 

Always change your password if you think you have been hacked or scammed. 

Password rules at OsloMet 

The password must contain at least 16 characters and there is no requirement for special characters. Use words, spaces and sentences that are easy to remember. 

Read more about how to create strong passwords (nettvett.no) (in Norwegian). 

Two-factor authentication 

Login with two-factor authentication must be used where possible. Two-factor authentication is enabled for Microsoft Remote Desktop and is being introduced for Microsoft Office 365. 

Find out how to activate two-factor authentication at ansatt.oslomet.no/tofaktorautentisering 

• The rules of netiquette (nettvett.no) (in Norwegian)

• How to secure information (sikresiden.no) 

• Avoid being hacked (sikresiden.no) 

• Learn about online fraud (sikresiden.no) 

• How to recognize fake emails (nettvett.no) (in Norwegian)

(All policys and guideline are only available in Norwegian)

Policy 

• Data security and privacy policy 

Guidelines 

• Guideline for non-conformance reporting and non-conformance handling 

• Guideline for the processing of personal data 

• Guideline for physical security of ICT infrastructure 

• Guideline for incident, crisis and continuity management 

• Guideline for data security in supplier relationships 

• Guideline for classification of information 

• Guideline for network and information transfer 

• Guideline for operational safety 

• Guideline for risk management of data security 

• Guideline for safe development 

• Guideline for security culture and training in data security 

• Guideline for securing personal ICT equipment 

• Guideline for system owner 

• Guideline for access control