This document includes two parts. The scope of Part I is to accomplish the final set of Network Security guidelines that aim at providing a secure environment in European Health Care networking information systems. These guidelines will be used by Reference Centres to implement security mechanisms and protocols for the provision of network security in Health Care Establishments in EC member countries.

Section 1 outlines the approaches followed in establishing Network Security guidelines; the conceptual approach and the technical approach.

Section 2 describes the method used in producing these guidelines, and includes the inputs used, the objectives of the work carried out, the technical approach applied, and the outputs derived from that work.

Section 3 provides descriptions of the principles that group the Network Security guidelines and detailed descriptions of the latter that pertain to each principle.

Section 4 provides a roadmap for the Network Security Guidelines usage and establishment.

The scope of Part IT is to provide the final list of Health Care requirements for Network Security, the final list of security services, the final list of the security mechanisms, and to produce lists of policies and procedures for day-to-day secure network operations, as well as to expand on the entries of the above lists in detail, for the provision of network security in Health Care Environments in EC member countries.

The technical approach of the above objectives has been based upon the fact that data being transmitted across a network in HCEs are subject to several different types of attack. Those attacks have a number of impacts over the whole environment and security services are defined to ensure adequate security against the mentioned attacks. Security mechanisms are used to provide those services.

Section 1 introduces the list of potential methods of attack that could be used and the list of threats that a networking HCE faces when an attack occurs.

Section 2 describes the final lists of Network Security requirements, HC Personnel User requirements, and HC requirements for Network Security.

Section 3 lists and examines the security services that protect the data being transmitted across a link - either a HCE internal domain link or an inter-domain HCE line - from the above mentioned methods of attack and consequently from the specific threats.

Section 4 lists those security mechanisms that could be used for the implementation of one or more of the specified security services.

Section 5 lists policies and procedures for day-to-day secure network operations. Those policies and procedures will allow network managers in HCEs to create a helpful, practical handbook of procedures that they can refer to daily in relation to their network activities.

Section 6 presents the requirements - guidelines coverage map.

Section 7 lists references used for the production of this document.