IT and telecommunications companies should build defences against hackers and cyberterrorists into the design of their networks at the earliest possible opportunity
Rather than tacking it on at a later date – very often as a result of a painful and costly security incident – both IT and telecommunications companies must build security into the design of their networks "from the outset". That is the latest advice on IT security offered by the Organisation for Economic Co-operation and Development (OECD).

In a formal set of guidelines on the 'Security of Information Systems and Networks', the 'rich nation' group has urged all users of information networks – including blue chip businesses and Government departments – to implement nine basic principles covering security awareness and risk assessment.

These also include notes on assigning responsibility for taking precautions, responding to threats quickly and effectively, behaving ethically when imposing security measures and the need for constant threat reassessments.

The guidelines state: "Security should be a fundamental element of all products, services, systems and networks, and an integral part of system design and architecture."

They add that security management should be based on risk assessments that include "forward-looking responses to emerging threats and address prevention, detection and response to incidents, systems recovery, ongoing maintenance and audits."

In terms of system design, the OECD states: "Systems, networks and policies need to be properly designed, implemented and co-ordinated if security is to be optimised". Both technical and non-technical safeguards must be considered, and "should be proportionate to the value of the information held on the organisation's systems and networks".

Amid growing worldwide dependence on such information systems and networks, the guidelines demonstrate OECD Governments' positive commitment to the stable and productive development of online communications. In essence, the guidelines are the product of a consensus among OECD Governments, reached in discussions that also involved representatives of the IT industry and business end users.

The new recommendations (which can be accessed at: www.oecd.org) replace guidelines first issued in 1992 on improving international co-ordination regarding global threats to specialist IT networks.