Information systems security: Action plan

A Council Decision in the field of security of information systems (Decision 92/242/EEC of 31.3.1992) adopts an action plan, referred to in Commission documents as "INFOSEC", comprising the development of overall strategies for the security of information systems for an initia...

A Council Decision in the field of security of information systems (Decision 92/242/EEC of 31.3.1992) adopts an action plan, referred to in Commission documents as "INFOSEC", comprising the development of overall strategies for the security of information systems for an initial period of 24 months, and the setting up of a Senior Officials Group with a long-term mandate to advise the Commission on action to be undertaken in this field. The action plan is designed to develop a global strategy providing users of electronically stored, processed or transmitted information with protection against accidental or deliberate threats to information security. Action lines shall include the development of a strategic framework; the analysis of user/provider requirements; solutions for the immediate and interim needs of users, suppliers and service providers; the development of specifications, standardization, evaluation and certification; integration of technological and operational developments; and provision of security functions in information systems. Community funds estimated necessary for the execution of the action amount to ECU 12 million for the initial two-year period.