9 August 2002
Source:
http://usinfo.state.gov/cgi-bin/washfile/display.pl?p=/products/washfile/latest&f=02080702.clt&t=/products/washfile/newsitem.shtml
US Department of State
International Information Programs
Washington File
_________________________________
07 August 2002
(OECD guidance offers new ways of thinking about security) (690)

The United States welcomes new information system guidelines adopted July 25 by the Organization for Economic Cooperation and Development (OECD), a State Department spokesperson says.

"The guidelines call for new ways of thinking and behaving when using information systems," Philip Reeker, State Department deputy spokesman, said in an August 7 statement.

The guidelines replace the original guidelines adopted in 1992. They were developed in response to a proposal by the United States to review guidance for online security and were completed ahead of a May 2003 deadline.

OECD countries will use the guidelines to establish policies, measures and training for security programs, according to an August 7 OECD press release.

The guidelines, which are non-binding, are available on the Internet at:
http://www.oecd.org/pdf/M00033000/M00033182.pdf

The guidelines address awareness, responsibility, response, ethics, democracy, risk assessment, security design and implementation, security management and reassessment.

Following is the text of the State Department statement:

(begin text)

Statement by Philip T. Reeker, Deputy Spokesman

OECD Calls for Culture of Security for Information Systems

We welcome the announcement today (August 7) of completion of "Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security" by the Organization for Economic Cooperation and Development (OECD).

Responding to the dramatic changes in computing power, use of the Internet, and development of networked systems, today's announcement is a milestone marking a new international understanding of the need to safeguard the information systems on which we increasingly depend for our way of life.

These new OECD guidelines, which replace the original guidelines published in 1992, provide a set of principles to help ensure the security of today's interconnected communications systems and networks. They are applicable to all, from those who manufacture, own, and operate information systems to those individual users who connect through home PCs.

Importantly, the guidelines call for new ways of thinking and behaving when using information systems. They encourage the development of a "Culture of Security" as a mindset to respond to the threats and vulnerabilities of communications networks. The nine principles address Awareness, Responsibility, Response, Ethics, Democracy, Risk Assessment, Security Design and Implementation, Security Management, and Reassessment.

The guidelines were developed with the full cooperation of the OECD's Business Industry Advisory Council (BIAC) and representatives of civil society.

In October 2001 the OECD Committee on Information, Computer, and Communication Policy (ICCP) responded positively to a US proposal for an expedited review of the security guidelines. The OECD member countries, businesses, civil society and the OECD Secretariat shared our sense of urgency and responded with full cooperation and support. Originally scheduled for completion in May 2003, the adoption of these guidelines by the OECD Council on July 25 demonstrates the ability of the OECD to respond to global challenges and shows the continuing relevance of the OECD to today's important issues.

Completion of the guidelines is only the first step. U.S. Government agencies are developing plans and materials to use the guidelines in their outreach activities to the private sector, the public and other governments. We encourage business, industry and consumer groups to join us in using the guidelines as they develop their own approaches to security of information systems and networks, and in the development of a Culture of Security for information systems and networks.

(end text)

(Distributed by the Office of International Information Programs, U.S. Department of State. Web site: http://usinfo.state.gov)