Supervisory methodology and measurement of information security in the finance and power sectors
This report presents a comparative study of the regulatory authorities in the Norwegian, Danish, Swedish and
British finance and energy sectors. The study is part of the “Critical Information Infrastructure Protection Project”
(BAS5), and it was conducted to provide an overview of the supervisory process carried out by the relevant
authorities in the finance and energy sectors, as well as of experiences related to supervisory controls. Furthermore, the
study identifies the broad features of the legal acts, the methodology used in regulatory and supervisory
activities, and the use of performance measurement, such as metrics and indicators, in relation to research needs.
The research, based on interviews and literature searches, revealed that the statutory framework concerning information
security and the supervisory methodology employed by the relevant authorities vary both between sectors and between countries.
Norway seems to have put more emphasis on strong regulation of information security than the UK, Sweden, Finland
and Denmark. Furthermore, the study reveals that quantitative indicators or
metrics are not applied; however, there seems to be potential for developing metrics to follow up compliance with law