Information security

The complexity of the security of information systems calls for the development of strategies to enable the free movement of information whilst ensuring the security of the use of information systems throughout the Community. The decision in question is intended to create a plan of action in the area of information security, as well as a committee responsible for advising the Commission of any actions to be taken in this area.

ACT

Council Decision 92/242/EEC of 31 March 1992 in the field of information security.

SUMMARY

This decision approves action in the field of security of information systems. This action includes two components:

• setting up an action plan for an initial 24-month period. An amount of ECU 12 million is considered necessary to implement the action for an initial period of twenty-four months;
• setting up a Senior Officials Committee with a long-term mandate to advise the Commission on action to be undertaken in the field of the security of information systems.

Action Plan

The action plan shall have as its objective the development of overall strategies aiming to provide users and producers of electronically stored, processed or transmitted information with appropriate protection of information systems against accidental or deliberate threats.

The action plan shall be implemented in close collaboration with the sector actors. It shall take into account and complement the world-wide standardisation activities under way in this field.

It shall include the following lines of action:

• development of an information security strategy framework;
• identification of user and service provider requirements for the security of information systems;
• solutions for immediate and interim needs of users, suppliers and service providers;
• specifications, standardisation and verification of information security;
• technological and operational developments for information security within a general strategy;
• provision of security of information systems.

Details of the action plan are set out in the annex to the Decision.

Committee

The Committee is consulted by the Commission systematically on issues relating to the security of the information systems for the various activities carried out by the Community, in particular on the definition of work strategies and programmes.

RELATED ACTS

COMBATING COMPUTER-RELATED CRIME

Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems [Official Journal L 69 16.03.2005]. This framework decision aims to strengthen judicial cooperation on criminal matters relating to attacks against information systems by developing tools and effective procedures.

Communication of the Commission to the Council, the European Parliament, the Economic and Social Committee and the Committee of the Regions: creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime [COM(2000) 890 final - not published in the Official Journal].

EUROPEAN NETWORK AND INFORMATION SECURITY AGENCY (ENISA)

Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency.

In order to guarantee the highest degree of security to users, the EU is equipped with a European network and information security agency ENISA.The aim of creating ENISA first and foremost is to enhance the ability of the Union, the Member States and the business sector to address and to respond to network and information security problems.

See also

For further information on measures employed to ensure security in an information society, please consult the Commission's web site on Europe's Information Society.

Last updated: 12.09.2005