The 22nd Nordic Conference on Secure IT Systems is hold at the University of Tartu, in Tartu, Estonia, between November 8th and 10th, 2017. NordSec addresses a broad range of topics within IT security with the aims of bringing together computer security researchers and encouraging interaction between academia and industry. NordSec 2017 welcomes contributions within, but not limited to, the following areas: ·        Access control and security models ·        Applied cryptography ·        Cloud security ·        Commercial security policies and enforcement ·        Cyber crime, warfare, and forensics ·        Economic, legal, and social aspects of security ·        Enterprise security ·        Hardware and smart card security ·        Mobile and embedded security ·        Internet of Things and M2M security ·        Internet, communication, and network security ·        Intrusion detection ·        Language-based techniques for security ·        New ideas and paradigms in security ·        Operating system security ·        Privacy and anonymity ·        Security education and training ·        Security evaluation and measurement ·        Security management and audit ·        Security protocols ·        Security usability ·        Social engineering and phishing ·        Software security and malware ·        Trust and identity management ·        Trusted computing ·        Vulnerability testing Proceedings will be published in Lecture Notes in Computer Science (LNCS, Springer).