INFOSEC '93 Security Investigations
For some time, the European Community has recognized the need for a comprehensive approach to INFOSEC (Security of Information Systems) to protect the individual, the business community and public administrations against a range of increasingly sophisticated threats. In recognition of this need, the Commission proposed an overall framework within which to assess information security problems and to identify and develop appropriate solutions. Council Decision 92/242/EEC of 31.3.1992 "Security of Information Systems" defines a number of action lines as a direct result of this initiative and in addition defines the necessity for a Senior Officials Group for Information Systems Security (SOG-IS) to advise the Commission. To support the implementation of the action lines described in the Decision, and the work of SOG-IS, a programme comprising a number of studies and investigations was launched in 1992. This initial set of projects, referred to as "INFOSEC '92", is now coming to an end. A follow-up set of projects , INFOSEC '93, has been implemented. This builds on the results of the earlier projects and also assesses various security considerations in areas including telecommunications, "trusted services", etc. The Commission has sought the widest contribution from all sectors on the subject of Information Systems Security. IBAG (the INFOSEC Business Advisory Group), representing many European organizations with an interest in commercial security, has been a source of practical feedback from the marketplace. Much of the input has come from a series of INFOSEC studies in key policy areas such as risk analysis and exploitation of ITSEC (IT Security Evaluation Criteria). A report is now available summarizing the main results of the INFOSEC '92 Security Investigations, most of which are now successfully completed. It also outlines some 14 new studies undertaken in the context of INFOSEC '93. This document forms part of the open and public dialogue between the Commission and the Community as a whole on the increasingly important topic of Security of Information Systems. The 83-page report "INFOSEC '93 Security Investigations" includes sections on the implementation of telecommunications security, security evaluation (ITSEC/ITSEM), standardizaton, action lines and INFOSEC projects, a summary of the work undertaken within INFOSEC '92 Security Investigations, plus a summary of INFOSEC '93 projects. A list of organizations participating in the work is included.