INFORMATION SECURITY PORTAL
I am born and living in Sweden, which is the reason for focus on Swedish and European Union (EU) laws and information security. However, regarding information security I use information and best practices from other countries as well, mainly United States.
Ever since the Personal Computer (PC) with DOS/Windows was first launched, I have been interested in computers (built-, configured- and programmed them).
I have studied at University’s mainly in Sweden, but also in the United States and the areas are Swedish law, business, economics and computer science including information security.
I have worked with IT consulting since 1998 and I have had many different roles/responsibilities; Software developer, support specialist, technical project manager, product manager, project manager, manager and senior manager. Regardless of what role I have had, information security has always been part of the work, but it was not until 2015 I specialized in it.
I now work as a privacy and information security specialist.
MY WORK AS PRIVACY AND
INFORMATION SECURITY SPECIALIST
Since I work both internal with the organisation and with external customers, I can say that the demands from customers regarding information security has significantly increased over the last few years.
My work is to coordinate privacy and information security work and when needed be responsible for projects, trainings, guidelines/routines and support the organization (e.g. operations, product developments, sales, etc.).
One interesting example of a large project I was responsible for was the work to ensure GDPR compliance of our offerings. It was challenging to interpret GDPR and find the “right level of security/privacy”. An example of support to the organization is helping with workshops regarding e.g. risks, Business Continuity, DPIA, Business Impact Assessment and information classification (CIA).
I have developed an ISMS, based on the company’s global ISMS/policy’s, with guidelines and routines for the business (personal, product offerings, etc.). The same ISMS was the foundation when the business received a successful (:-)) ISO27001 certification.
To be able to achieve this I have attended different trainings, e.g. ISO27000. But I must admit I have learned a lot from working with external customers and from working close with our legal- and security experts.
With this website I hope to share some of the information I have found useful and help with ideas regarding best practice and templates for different areas.