The Ministry of the Economy coordinates the country's information and e-commerce security policy via the Directorate General for the Internal Market and Regional Policy.
Improving information security is a crucial step in encouraging the growth of a modern economy like that of Luxembourg. Good management of information security increases user confidence in computer systems. This is measured in terms of confidentiality, accessibility and the availability of data.
In a society with high levels of interconnectivity and an economy based in large part on e-commerce, it falls more to the State than to the individual to create this culture of security. The State can play a unifying role in risk management by making the use of risk analysis more accessible and putting in place a system of governance for information security.
The government's objective is to create a modern and pragmatic environment which enables the stakeholders involved in e-commerce and trusted service providers to develop in a favourable climate.
In this context, another objective consists of strengthening the security culture within civil society, businesses and administrations. Indeed, better risk management within the private sector strengthens information security in general. In addition, good national governance on risks reassures and inspires stakeholders in the private sector.
The Department for Electronic Commerce and Information Security is also charged with putting in place and developing a legislative framework for:
- electronic commerce;
- electronic signature;
- electronic archiving (service providers for changing to a paper-free system and digital preservation).
In order to meet the societal challenge of information security, the government has developed tools to help businesses, citizens and administrations improve the security of their information. This includes in particular:
- awareness raising campaigns (Cyberworld Awareness & Security Enhancement Services, CASES);
- training for businesses and administrations;
- services that enable businesses and administrations to manage risks better (CASES);
- a permanent analysis of the threat (Computer Incident Response Center Luxembourg, CIRCL).