New report identifies six strategic areas to strengthen the University’s information security

“There are a number of measures that we need to take to further strengthen information security at the University,” says Fredrik Blomqvist, Chief Security Officer at Uppsala University.

The report aims to provide information and proposals for decisions to strengthen the University’s work in information security.

This spring’s information security report focuses on the 2030 objective, i.e. where the University is expected to be in this area by 2030, and concrete measures to achieve that objective.

Six strategic areas to strengthen the University

It is important for the University to develop security in six strategic areas: hardware and software clean-up, technical security measures, system standardisation and phasing out/reduction of administrator permissions, security culture, compliance and supplier audits.

“We need to take a number of measures in each area to further strengthen information security at the University. Together with University IT Services, the Security and Safety Division is now working with management in a structured way to create the conditions for achieving the 2030 objective,” says Uppsala University’s IT Director Måns Östring.

Upgrading to Windows 11 essential

The spring report explains why it is necessary from a security perspective to phase out Windows computers that have not been upgraded to the Windows 11 operating system.

“Among other things, this report emphasises the importance of individual employees upgrading their computers so that they have the Windows 11 operating system installed. From 14 October 2025, computers that have not been upgraded will be locked and subsequently eliminated from Uppsala University’s IT environment,” says Blomqvist.

Only computers with the Windows operating system are affected, and only computers that connect to Uppsala University’s network, not stand-alone computers that do not have access to Uppsala University’s network structure.

Greater potential for individualised client management

Blomqvist explains that a large proportion of the staff at Uppsala University can use a centrally administered computer for research, education and support activities, but that there is a group of employees, mainly researchers, who need more options for managing their own computers.

“The report therefore recommends that the Vice-Chancellor also makes a decision to establish a client management structure. This structure would provide different levels of security linked to different permissions when managing one’s computer with more or less administrator-level permissions.”

EU’s AI Regulation and cyber security

The University Director plans to establish a working group with representatives from both support and core activities, which will be the long arm of the University Director in efforts to ensure that AI initiatives comply with the EU’s AI Regulation.

“There is currently great interest in questions surrounding AI at the University in terms of how it can optimise operations, but also in terms of the risks involved in using AI,” notes University Director Caroline Sjöberg.

A dedicated working group to respond to the Swedish Civil Contingencies Agency’s Cybersäkerhetskollen (Cybersecurity Checkup) should also be established, according to the report. The purpose of the Cyber Security Checkup is to obtain a metric that indicates how “mature” a government agency is from the cyber security perspective.