International group eyeing IT security principles, standards
The principles are broad, general and subject to interpretation.
Computerworld - WASHINGTON -- An international body representing more than 30 nations, including the U.S., is developing a set of information security principles intended to help in the development of IT security standards, best practices and potential security-related laws.
The merits of that effort by the Organisation for Economic Cooperation and Development (OECD) was examined today at a U.S. Federal Trade Commission (FTC) workshop on information security.
The OECD first issued security guidelines for information systems in 1992 but is now working on a revision that takes into account the dramatic changes in IT since then, as well as the concerns raised by the Sept. 11 terrorist attacks in the U.S.
The principles are similar to those spelled out in a constitution: broad, general and potentially subject to interpretation. Even so, Mark McCarthy, senior vice president of public policy at Visa U.S.A. Inc. in Foster City, Calif., and a participant in the workshop, said the hope is that the OECD document will "focus attention of the business community and others on the importance of information security."
The OECD guidelines, which aren't binding for any nation or company, set out as an example an "awareness principle" that calls for owners and users of IT to understand security. The "ethics principle" says IT should be handled in a way that respects the rights and legitimate interests of others.
The main message of the OECD's work, said FTC Commissioner Orson Swindle, is that "security is important, that we're all players whether want to be or not ... and what we do has the capacity to hurt ourselves but even more important, [to] hurt other people." Swindle heads the U.S. delegation involved in the effort.
The OECD's intent is to create a document that's accessible to all participants, "but the technologist would look at this at a very high principle level only," said Joseph H. Alhadeff, Oracle Corp.'s vice president for global public policy and someone who has been involved in the OECD guideline drafting process. "These are the formative issues that you need to think about that set the framework" from which you develop best practices, he noted.
Regardless of whether the OECD has any impact, companies are being pushed to consider security by other forces.
For instance, in May 2001, Visa issued its own security rules to merchants covering the storage, encryption and access of credit card data. As part of that plan, the top 100 e-commerce merchants, who account for about 70% of Internet commerce in the Visa system, are required to have their online security systems validated by a third
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Market Overview: Digital Customer Experience Delivery Platforms Forrester states that businesses today struggle to understand and use the tools necessary to create and manage unified, multichannel digital customer experiences across...
- The Growing Demand for Rich Media This white paper discusses how IBM Customer Experience Suite Rich Media Edition can automate rich media workflows, from collaborating with creative agencies and...
- Live Webcast How to serve up a Grand Slam with a scalable IT Infrastructure for cloud, big data and advanced analytics Register today to attend this webcast, and see examples of how The U.S. Tennis Association, Wimbledon and U.S. Golf Association are using the...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt. All Topic Center White Papers | Webcasts