Community Research and Development Information Service - CORDIS

Programme funding

EUR 12 million

Official Journal Reference

L 123 of 1992-05-08

Legislative Reference

92/242/CEE of 1992-03-31

To develop overall strategies aiming to provide users and producers of electronically stored, processed or transmitted information with appropriate protection of information systems against accidental or deliberate threats.

Abstract

Information stored, processed and transmitted electronically plays an increasingly important role in economic and social activities. The advent of efficient global communications and the pervasive use of electronic handling of information emphasize the need for adequate protection. Thus the European Parliament has repeatedly stressed the importance of the security of information systems in its debates and resolutions. The Economic and Social Committee has also emphasized the need for Community action to address issues in this area.

The complexity of the security of information systems calls for the development of strategies to enable the free movement of information within the single market while ensuring the security of the use of information systems throughout the Community. Moreover, the responsibilities of the Member States imply a concerted approach based on close collaboration with senior officials of the Member States.

In view of the above, the Community action comprises:
- Development of overall strategies for the security of information systems (action plan) for an initial period of 24 months;
- Setting up a Senior Officials Group with a long-term mandate to advise the Commission on action to be undertaken in the field of the security of information systems.

The Commission shall consult the Senior Officials Group systematically on issues relating to the security of the information systems for the various activities carried out by the Community, in particular on the definition of work strategies and programmes.

The action plan includes preparatory work under six main themes (action lines). It aims to take into account, promote and complement the European and international standardization activities underway in the field of security of information systems.

Subdivision

Six action lines:

- Action line I - Development of a strategic framework for the security of information systems:
Establishment of a strategically oriented framework to reconcile social, economic and political objectives with technical, operational and legislative options for the Community in an international context;

- Action line II - Identification of user and service provider requirements for the security of information systems:
Establishing the nature and characteristics of requirements of users and service providers and their relation to security measures of information systems;

- Action line III - Solutions for immediate and interim needs of users, suppliers and service providers:
To provide, at short notice, solutions which can respond to the most urgent needs of users, service providers and manufacturers, including the use of common IT-security evaluation criteria open towards future requirements and solutions;

- Action line IV - Development of specifications, standardization, evaluation and certification in respect of the security of information systems:
To provide a means of supporting and performing specific security functions in the general areas of OSI, ONP, ISDN/IBC and network management, and also to encourage the development and use of computer systems with security functions;

- Action line V - Technological and operational developments in the security of information systems:
Systematic investigation and development of the technology to permit economically viable and operationally satisfactory solutions to a range of present and future requirements for the security of information systems;

- Action line VI - Provision of security of information systems:
To come to a clearly defined and agreed sharing of responsibilities between the different actors on a Community level as a prerequisite for mutual recognition of verification and certification in order to facilitate a harmonious development of the provision of security of information systems in the Community.

Implementation

The Commission is responsible for implementing the action, in close association with related actions in Member States and in conjunction with related Community research and development actions. It is assisted by an advisory committee composed of representatives of the Member States and chaired by the representative of the Commission.

An evaluation of the progress achieved during the initial period shall be carried out by a group of independent experts. This group's report, together with any comments by the Commission, shall be submitted to the European Parliament and to the Council.

Record Number: 231 / Last updated on: 2014-03-05