Expectations from authorities, owners, customers, travellers, aviation and internationally demand good control of cyber security. And the ability to protect critical systems against shut down or leakage of sensitive information.
Avinor Cyber Security is responsible for
- IT and cyber security
- IT and cyber security strategy
- IT and cyber security risk management within the Avinor group.
This includes all security measures, guidelines, routines and control features.
Prevention and information sharing
Avinor Cyber Security works across all parts of the Avinor Group to ensure information sharing across professions and different environments. Avinor Cyber Security Forum is an arena for sharing relevant information. Challenges are discussed to create a consensus on proposed solutions. Anchoring across the different environments creates a unified focus and a shared understanding of risk.
Within the national transport sector, Avinor Cyber Security meets other participants regularly to exchange experiences and discuss issues.
Internal training of Avinor employees is conducted annually to ensure that everyone has a basic understanding of risk and need for caution.
Consulting and Project Participation
It is important to get visible IT security challenges in all major projects early. Avinor has a high number of ongoing projects at any time, many of which require greater participation from Avinor Cyber Security. Others manage by simpler advice along the way and the established standards / routines to ensure progress in the project.
Avinor Cyber Security offers advice to system owners, projects or other collaborators whom Avinor collaborates with and where it reveals cyber security related challenges.
Avinor continuously monitors its systems with IT security as a focus. Using sensors and logs, we keep an overview of the normal state of the systems. Deviations are handled immediately and escalated as needed (see Avinor CSIRT). Depending on the criticality, you will be able to copy data for proof and analysis in the future.
For unforeseen cyber security events, Avinor CSIRT (Cyber Security Incident Response Team) is gathered. The responsibility is to coordinate and lead an event until the normal situation can be restored.
All subject areas in Avinor could be represented, but the team’s regular members come from areas that work on IT security daily and at different levels.
Avinor CSIRT is managed and set by Avinor Cyber Security.
Avinor CSIRT is also responsible for coordinating information with the CSIRT / CERT networks as well as assisting the Avinor Group crisis staff.
Cyber Security is working to keep track of all processing of personal information and the data flow of such information in Avinor, as well as being compliant with the Personal Information Act and the forthcoming General Data Protection Regulation (GDPR). In addition, Cyber Security will develop guidelines and instructions for processing personal data within and in collaboration with Avinor.
Risk and vulnerability analysis
IT and Cyber security work is based on thorough knowledge and understanding of the risk factors facing Avinor. In addition, any vulnerabilities in the various IT systems and applications must be mapped and assessed against the likelihood that these can be detected and exploited. Cyber Security is responsible for ensuring that these assessments are carried out. As risk changes over time, there is a need for a continuous update of the knowledge of both external and internal threats, and assessments must therefore be carried out both periodically and at special events.
Avinor Cyber Security carries out annual revisions within its field of expertise. In addition, economy audits, the Civil Aviation Authority, NSM (National Security Authority), and other external companies will also conduct audits with IT and Cyber security in focus.
Phone: +47 64 81 23 23