Governments of the Organisation of Economic Cooperation and
Development (OECD) have released a set of new Guidelines for the
Security of Information Systems and Networks in the wake of last
year’s September 11th attacks in the US, to help deal with
cyberterrorism, computer viruses, hacking and other security
threats.
The new security guidelines will replace the guidelines first
issued in 1992 as a basis “for improving international
co-ordination and co-operation to meet the evolving challenges and
risks posed by threats to information systems and networks.”
According to the OECD, the guidelines aim to develop a “culture
of security” among governments, businesses and individual users, in
the new environment of interconnectivity across national borders
and converging technologies. The guidelines, which are not binding,
urge all users of information technology to adhere to and implement
nine basic principles.
These cover such areas as security awareness, risk assessment
and security design and implementation, as well as ethics,
responsibility and democratic values.
The new guidelines are the product of discussions between OECD
governments, representatives of the information technology
industry, business users and civil society. Non-OECD countries have
been invited to adopt similar approaches.