E-business Regulatory Alliance

The UK's broad-based e-business policy forum

 


Information provided in association with Bird & Bird, the Communications Management Association, EURIM, and the National Computing Centre

 

 

 

Security and Trust

(See also: Crime and Data Protection)

 

The security of both IT infrastructure and business information is critical to maintaining user trust and confidence. Yet security still tends to be viewed as a technical matter rather than a mainstream business issue.

Security also consists to a large extent of human behaviour and our knowledge of threats and remedies. Information security concerns a number of policy fields such as privacy, industrial policy, international trade, citizens' rights, law enforcement, defence, and much more, so holistic approaches at both European and global levels are essential.

A range of activities is being implemented to support these policies, including:

  • the introduction of the European Network and Information Security Agency (ENISA);

  • the Safer Internet Action Plan, dealing with illegal and harmful content on a larger range of online technologies, including mobile systems, P2P, chat rooms and online games;

  • research and development in areas such as e-Authentication (smartcards, biometrics);

  • improving standards;

  • Trans-European Networks for Telecommunications to enhance business and citizen trust and confidence.

The EU has already developed rules to secure electronic communications, for example through the Electronic Signatures Directive and privacy legislation for electronic communications.

A number of other strands are currently being addressed under the i2010 action plan, including Network and Information Security.

 

Further reading...

1. Measuring Security and Trust in the Online Environment: A view using official data | OECD

2. BERR Information Security Breaches Survey 2008

3. Web Security Guidelines | AEB

4. Risk Management and Accreditation of Information Systems

5. Attacks Against Information Systems

6. Information Assurance Guidelines for the Commercial Sector

7. Clean up in Cyberspace - Guidance on Personal Data Security from the European Commission

 

 

I. Table of Statute Laws and Regulations

Key: Measures | Legal Summary | Regulatory Guidance | Member States Implementation (1st Level, 2nd Level) | Additional Information

I. Culture of Network Security

  • Communication COM (2001) 298 final; Network and Information Security; Proposal for a European Policy Approach

  • Council revised text (6671/03)

  • Council Resolution on a European approach towards a culture of network and information security

II. ENISA

  • Regulation 460/2004 establishing the European Network and Information Security Agency (ENISA)

III. Standard Secure Registries

  • Regulation EC No. 2216/2004 for a standardised and secured system of registries

IV. Attacks against Information Systems

  • Framework Decision 2005/222/JHA of 24 Feb 2005 on attacks against information systems

V. Electronic Signatures Framework

  • Electronic Signatures Directive - 1999/93/EC

  • Electronic Communications Act 2000

  • Electronic Signatures Regulations 2002

For more information

 

 

II. Table of Security Standards

I. ISO (International Organisation for Standardisation)

  • ISO 27000 - Information Security Management - Principles and vocabulary

  • ISO 27001 - Information security management systems

  • ISO 27002 - Code of Practice

  • ISO 27003 - Guidance on implementation

  • ISO 27004 - Information security metrics and measurement

  • ISO 27005 - Risk management

II. BS (BSI Group)

  • BS ISO/IEC 17799:2005 (BS 7799-1:2005) - Information technology. Code of practice for information security management

  • BS 7799-2:2005 - Information security management. Specification with guidance for use.

  • BS 7898:2004 - Security screening of individuals employed in a security environment

  • PD 6668:2000 - Managing risk for corporate governance

  • BS 5454:2000 - Recommendations for the storage and exhibition of archival documents

  • BS ISO/IEC 7064:2003 - Information technology. Security techniques. Check character systems

  • BS ISO/IEC 9796-2:2002 - Information technology. Security techniques. Digital signature scheme giving message recovery. Integer factorisation based mechanisms

  • BS ISO/IEC 9979:1999 - Information technology. Security techniques. Procedures for the registration of cryptographic algorithms

  • BS ISO/IEC 9798-1:1997 - Information technology. Security techniques. Entity authentication mechanisms. General