The security principles advice businesses and organisations on how to protect their information systems from unauthorized access, damage or misuse.
NSM encourages Norwegian organisations, both private and public, to use the security principles to improve the security of their systems. By implementing these recommendations, organisations will achieve a good foundation for security in their ICT-systems, but the recommendations must be assessed and adapted for each organisation.  

About the principles 

There are 21 security principles with a total of 118 security measures, distributed across four categories: i) identify, ii) protect and maintain, iii) detect and iv) respond and recover. NSM has created a spreadsheet which includes all the measures with a suggested prioritization and a mapping to ISO/IEC 27002:2022.

The NSM ICT Security Principles was first released in 2017 and has since been updated regularly in Norwegian. The current version (2.1) is the first to be translated to English.