Business Commitment
Context
The empowerment of each stakeholder group is a prerequisite to foster awareness of security needs and risks in order to promote NIS. Therefore, the NIS Strategy invites private sector stakeholders to take initiatives to:
- develop an appropriate definition of responsibilities for software producers and Internet service providers in relation to the provision of adequate and auditable levels of security;
- promote diversity, openness, interoperability, usability and competition as key drivers for security;
- work towards affordable security certification schemes for products, processes and services;
- disseminate good security practices and promote training programmes in the business sector, to provide employees with the knowledge and skills to implement security practices;
- involve the insurance sector in developing appropriate risk management tools and methods.
Furthermore, the NIS Strategy calls for a structured multi-stakeholder debate on how best to exploit existing tools and regulatory instruments to attain an appropriate societal balance between security and the protection of fundamental rights, including privacy. It also foresees a business event to stimulate industry commitment to adopting effective approaches to implementing a culture of security in industry.
Initiatives on secure software
In order to fulfil the empowerment objectives of the European strategy on NIS, the Commission has invited the private sector to develop an appropriate definition of responsibilities for security of software and services.
A step in this direction was taken by the Business Software Alliance (BSA), which organised an "Information Security Awareness Day" on 27 February 2007 in Brussels to address the information security challenges that technology providers are facing today and expect to face in the future.
Another step was taken in Autumn 2006 with the creation by the industry of the "SAFECode" initiative: the Software Assurance Forum for Excellence in Code. SAFECode intends to increase trust in IT products and services through the advancement of proven software assurance practices.
Further actions are expected to take place in 2008.
Last updated: 12.2.2008