The standard, known as DS 484, is based on the international standard ISO 27002 "Code of practice for information security management", modified to suit Danish conditions. With the introduction of this standard, IT security management in all ministerial areas will be structured according to a common concept.

Activities to develop, maintain and inform users about the requirements of the standard are handled by the Minister for Science, Technology and Innovation, represented by the National IT and Telecom Agency, in collaboration with other authorities in the public sector. In addition, the National IT and Telecom Agency is in charge of developing tools, templates, seminars and workshops to support implementation and maintenance of the standard. However, it is the task and responsibility of each individual institution to organise security work in their own organisation.

Security Forum

To support collaboration about information security across the government sector, the Government IT Council has established the Government Information Security Forum (GISF), in which about 30 government institutions participate. The Forum meets 4-6 times a year and is charged with the following tasks:

• to contribute to exchanging experience about the use of the standard, 
• to follow the general development of information security management by public authorities, and propose joint initiatives that may strengthen information security,   
• to determine the best practice and make proposals on how to improve paradigms and the activities carried out by the National IT and Telecom Agency, 
• starting from the tasks and purposes above, to support professional coordination between authorities and contribute to achieving agreement about the requirements for information security in the public sector. 

The National IT and Telecom Agency holds the chairmanship of GISF and provides secretarial assistance. The present portal is operated by the Secretariat and aims to contribute to the exchange of experience, distributing information material, creating awareness of courses etc. and supporting administration of the Forum.

Benchmark survey

The National IT and Telecom Agency conducts a survey about once a year to benchmark the efforts of all government institutions in the IT security area. The main conclusions are reported to the Government IT Council, while the specific results are used by GISF to prioritise its efforts in terms of workshops, information material and tools.

History

The decision to introduce DS 484 as a security standard in government institutions was made by the Danish Government on 12 January 2004. This means that government institutions had three years in which to implement the standard. The Government decision was made on the basis of a number of recommendations given in a report circulated for public consultation in the summer of 2003.

The decision should be seen in light of the fact that effective IT use in the government sector and realisation of e-government are conditional on factors such as increased coordination and coherence between the IT systems of public authorities, thus avoiding unnecessary costs. Another condition is that citizens and businesses should feel secure and confident when using IT for communication with the public sector.

To follow the implementation of the common government IT security standard, the Government IT Council in March 2004 appointed a working group with the aim of promoting knowledge sharing about IT security and IT security issues in the government sector. The Ministry of Science, Technology and Innovation held the chairmanship and provided secretarial assistance to the working group.

Information on using DS 484 in the government sector can be obtained by contacting the Secretariat.