The Group is composed of some 350 active members from both the private and public sectors. Its objective is to form a community of experienced professionals who need a secure space to communicate with each other in order to compare notes on problems they have encountered, and to share solutions which have either been put applied or which are needed. One of our aims is actively to share in the broadening of our mutual professional skills. We hold debates on complex subjects in order better to define their scope, identify the weaknesses of different methods of protection, and meet today and tomorrow’s challenges more effectively. All our results serve to accompany both private and governmental initiatives.

The Group’s members belong to a network of professionals which is one of the nerve centres of information security in Europe. Since January 2008 the Group has been included in the first European Security Directory,⁽¹⁾ #1joining a whole network of actors with the same aim: to work for European security. Agencies, industries, laboratories, small- and medium-sized businesses and major groups are all represented. For the first time ever this ergonomic, cross-referenced directory groups researchers, technicians, engineers, experts, information systems managers, information systems security managers, directors of security and communications security specialists on a Europe-wide basis.

Comprehensive Security

The hard core of information systems security managers advocate the need for overarching and concurrent security of the patrimony, the better to protect vital information. No matter the nature of the environment to protect, three patrimonies can be damaged: property, information and human. This obliges us to form and deploy a comprehensive security policy. All the risks to which goods and people might be exposed are taken into account: physical, judicial, economic, technical and cultural. For instance, what is the point of introducing a system of badges into an establishment, if those who control the system do not know the basic rules of how to make it work? What use is a system of perimeter security for a given site if there is no contingency disaster access plan? What point is there in a software lock-down of an information system if the individual work habits of its operators negate the information security policy of the enterprise concerned? What is the point of a crisis management cell whose members are untrained?