Skip to main content
SearchServices

Information security

Information security refers to the protection of the confidentiality, integrity and availability of information as well as all the technical, operational and administrative measures through which the City of Espoo aims to secure its information.

Information security at the City of Espoo

Information security and personal data protection are part of the wider concept of cyber security, which also includes system and facility security and preparedness.

Information is produced and processed as part of the City of Espoo’s services. This includes contact and invoice information that must be protected against unauthorised use and manipulation and kept available to the employees providing the services.

Information is protected through various technical, operational and administrative measures that include assessing information-related risks, risk-based preparedness planning, statutory measures, training, tools and cooperation. Facility security is part of information security when facilities are used for processing critical or confidential information.

Cyber security threats against Espoo usually involve professional fraud activities by foreign offenders and spreading of malware with the aim of extorting money. Hacktivism, vandalism and information influencing may also target Espoo’s services and those using the services. New statutory obligations are a growing challenge.

Facility security

In the context of information management, it is also important to pay attention to physical security, for example with regard to facilities and staff activities. Facility security is part of the city’s information security when facilities are used for processing confidential or otherwise sensitive information. 

These facilities and the routes to and from these facilities can be monitored with recording cameras. They are also marked with a “Staff only” sign. You can find a picture of this sign below. 

If necessary, facilities can be equipped with electric locks that register their use, which makes it possible to check who has been in a space. People’s movements can also be checked from security camera footage. “Staff only” facilities are security areas that can be accessed by

  • employees working at the location; 
  • other people when accompanied by employees working at the location. 

Photography, filming or audio recording using one’s own devices is not allowed in a security area. All unauthorised persons and those who cannot be identified as staff members, either based on an ID or by a representative of the location, will be removed from the area. 

Security is about small everyday acts – at home and at work. Staff training and monitoring improve security for all of us.  

Act on Information Management in Public Administration (906/2019), section 15(external link, opens in a new window) 

Collection of recommendations on the application of certain information security regulations, Publications of the Ministry of Finance 2021:65, sections 11 and 12(external link, opens in a new window) (in Finnish)  

Security and Preparedness Unit provides information security services

The Security and Preparedness Unit’s experts support the other units of the City of Espoo in matters related to cyber security. The services provided by the unit include:

  1. handling extensive information security and data protection incidents;
  2. training staff and others acting on behalf of the city in common and good cyber security practices;
  3. interpreting legislation related to general cyber security preparedness and prevention of disruptions when it is not the responsibility of other authorities;
  4. organising information security checks and safety walks on city premises;
  5. preparing city-wide cyber security instructions and guidelines when it is not the responsibility of other authorities;
  6. monitoring the city’s cyber security environment;
  7. issuing statements concerning cyber security to other authorities;
  8. filing official reports, including police reports, on data breaches, forgeries and personal data leaks.

Information security requires cooperation

Information security encompasses different services, processes, systems, suppliers, information resources and personnel, and responsibility for its maintenance lies with the owner of each service, system or information resource and the appointed maintenance staff.

In order to carry out its duties, the maintenance staff needs information about all defects noticed. Each user can send such information, preferably directly to the staff responsible for the service in question but also through the City of Espoo feedback system(external link, opens in a new window). Let’s keep Espoo secure.

Did you notice me? A sign for staff premises.