This report concerns protection of research data within the remit of the Ministry of Higher Education and Science.
The purpose of the study is to assess whether the universities adequately protect research data. Initially, we mapped the risk profiles of the five largest Danish universities in relation to their protection of research data against unknown IT equipment. Then we dug deeper at the largest university – the University of Copenhagen – to determine how the centralised IT department at the university and three selected departments work with IT security in relation to protection of research data.
It is Rigsrevisionen's assessment that the five largest universities are not adequately protecting their research data against unknown IT equipment. As a result, foreign ac-tors may relatively easy gain unauthorized access to the universities' research data. This is not considered satisfactory by Rigsrevisionen.
The study shows that the centralised protection of research data at the University of Copenhagen is inadequate and the review of the IT security at three departments shows that the IT security task is not solved locally either.
Rigsrevisionen initiated the study in February 2018.
Read the introduction and conclusion (PDF)