OECD IT Security Guidelines
John Kyriazoglou*
Establishing the IT security guidelines and standards (in general terms) for the specific organization should be done by the IT committee and ratified by the board. These standards could follow international guidelines and frameworks issued by organizations such as OECD, NIST (U.S.A.), the European Union, IATF, ISO (ISO/IEC 17799, ISO/IEC 27001, ISO 13335, ISO 15408), U.S. Federal Information Processing Standard (FIPS 140), etc.
I have used the following security principles of OECD in my IT security projects, and particularly when large public or private organizations are involved.
PRINCIPLE 1: Awareness. Participants should be aware of the need for security of information systems and networks and what they can do to enhance security.
PRINCIPLE 2: Responsibility. All participants are responsible for the security of information systems and networks.
PRINCIPLE 3: Response. Participants should act in a timely and co‑operative manner to prevent, detect and respond to security incidents.
PRINCIPLE 4: Ethics. Participants should respect the legitimate interests of others.
PRINCIPLE 5: Democracy. The security of information systems and networks should be compatible with essential values of a democratic society.
PRINCIPLE 6: Risk assessment. Participants should conduct risk assessments.
PRINCIPLE 7: Security design and implementation. Participants should incorporate security as an essential element of information systems and networks.
PRINCIPLE 8: Security management. Participants should adopt a comprehensive approach to security management.
PRINCIPLE 9: Reassessment. Participants should review and reassess the security of information systems and networks, and make appropriate modifications to security policies, practices, measures and procedures.
Full details at: http://www.oecd.org/sti/interneteconomy/15582260.pdf
John Kyriazoglou (jkyriazoglou@hotmail.com)
John Kyriazoglou, CICA, B.A (Hon-University of Toronto)
International IT and Management Consultant, author of several books
SSRN Free Publications: http://ssrn.com/author=1315434