Annual Report and Sustainability Report 2019

SUSTAINABILITY

Kongsberg cyber security center

Security in KONGSBERG

Security is important for KONGSBERG and concerns the protection of information, personnel and physical assets. To ensure that the security-related work is both practical and effective, this is a part of KONGSBERG’s governance model and business strategies and is integrated in relevant business processes.

Cybersecurity

Cybersecurity or digital security includes managing the risks and security challenges posed by the use of information technology. It includes both hardware, software, services, communication between them, and not least structured work processes.

About our defence against cyber threats

  • Our services are carefully monitored and protected by layered security architecture including extensive logging and monitoring.
  • We conduct security training and awareness programmes.
  • We carry out risk management to balance business goals, efficiency and the right level of safety.
  • We employ continuously improvement of our processes.

Collaboration in the cyber security

KONGSBERG is dependent on the trust of its owners, customers and business partners.

  • We have close cooperation with governmental bodies within the cyber security domain.
  • We have active collaboration and interaction with special interest groups and leading authorities on information security and risk management.
  • We have established KONGSBERG Cyber Security Center as a dedicated, common resource center focusing on security.

Development of secure solutions for our customers

  • KONGSBERG has a long tradition for delivering mission critical solutions, rooted in the defence- and aerospace industry, the high-tech industrial environments of the maritime sector and the oil and gas industry.
  • We use privacy by design as a fundamental principle in software development.
  • We have structured processes for lifecycle management. This allows us to deliver high quality services and meet security requirements.
  • We have internationally acknowledged standards fully included as a part of our strategy and operations.

Information security

Information security consist of work processes and procedures based on ISO27001 and shall ensure an adequate level of security with regard to confidentiality, integrity or availability.

Information represents very important assets and values for KONGSBERG. We ensure these values with structured and robust information security processes. We make use of all the safety perspectives set out in ISO 27001. This has been implemented in all our business areas through policies, processes and procedures, which together meet all information security requirements that the business faces. Compliance is ensured through extensive audit programs and monitoring.

Personnel security

Personnel security shall address both the intentional and unintentional risk of people misusing their legitimate access to KONGSBERG’s property for unauthorised purposes.

Personnel safety in KONGSBERG is maintained by robust processes throughout the employment or engagement at KONGSBERG. This includes everything from selection process, agreements, training, access control and processes for termination.

Physical security

Physical security shall protect personnel, assets and property from damage or destruction.

In KONGSBERG, we achieve good physical safety through a combination of secure areas that are physically shielded for access for unauthorized persons, access control systems in all locations, zone divisions and strict physical safety requirements around IT services. These are requirements that our suppliers and partners also must comply to.

 

To the top