Western civilization, as we know it

The OECD, in effect, represents much of Western civilization as we know it. It is an international organization with members including the USA, Canada, Mexico, Western and Central Europe, Japan, South Korea, Australia, New Zealand, and even Switzerland, a country that usually stays away from international bodies. The group encourages economic development, financial stability, and expansion of international trade. Meeting these economic objectives of course means making abundant and innovative use of IT.

The OECD notes that with information systems becoming more networked and nations using public networks for important infrastructure such as energy, transportation, and finance, security needs to become a front-and-center priority for systems design, rather than an afterthought. The wider variety of threats and vulnerabilities requires participants in this new information society to go beyond recognition and acceptance of security. Instead, participants need to build a culture of security, defined as a "focus on security in the development of information systems and networks and the adoption of new ways of thinking and behaving when using and interacting within information systems and networks."

Principles

The culture of security outlined in the guidelines consists of nine principles:

-- Awareness. Participants should be aware of the need for security of information systems and networks and what they can do to enhance security.
-- Responsibility. All participants are responsible for the security of information systems and networks.
-- Response. Participants should act in a timely and co-operative manner to prevent, detect and respond to security incidents.
-- Ethics. Participants should respect the legitimate interests of others.
-- Democracy. The security of information systems and networks should be compatible with essential values of a democratic society.
-- Risk assessment. Participants should conduct risk assessments that identify threats and vulnerabilities, as well as determine the acceptable level of risk to aid in the establishment of controls.
-- Security design and implementation. Participants should incorporate security as an essential element of information systems and networks, expressed in both technical and non-technical safeguards and solutions.
-- Security management. Participants should adopt a comprehensive approach to security management, with IT security policies, practices, measures and procedures coordinated and integrated to create a coherent system of security.

The copyright of the article OECD guidelines seek culture of security for IT users in Technology & U.S. Politics is owned by Alan Kotok. Permission to republish OECD guidelines seek culture of security for IT users in print or online must be granted by the author in writing.