International group eyeing IT security principles, standards
The principles are broad, general and subject to interpretation.
Computerworld - WASHINGTON -- An international body representing more than 30 nations, including the U.S., is developing a set of information security principles intended to help in the development of IT security standards, best practices and potential security-related laws.
The merits of that effort by the Organisation for Economic Cooperation and Development (OECD) was examined today at a U.S. Federal Trade Commission (FTC) workshop on information security.
The OECD first issued security guidelines for information systems in 1992 but is now working on a revision that takes into account the dramatic changes in IT since then, as well as the concerns raised by the Sept. 11 terrorist attacks in the U.S.
The principles are similar to those spelled out in a constitution: broad, general and potentially subject to interpretation. Even so, Mark McCarthy, senior vice president of public policy at Visa U.S.A. Inc. in Foster City, Calif., and a participant in the workshop, said the hope is that the OECD document will "focus attention of the business community and others on the importance of information security."
The OECD guidelines, which aren't binding for any nation or company, set out as an example an "awareness principle" that calls for owners and users of IT to understand security. The "ethics principle" says IT should be handled in a way that respects the rights and legitimate interests of others.
The main message of the OECD's work, said FTC Commissioner Orson Swindle, is that "security is important, that we're all players whether want to be or not ... and what we do has the capacity to hurt ourselves but even more important, [to] hurt other people." Swindle heads the U.S. delegation involved in the effort.
The OECD's intent is to create a document that's accessible to all participants, "but the technologist would look at this at a very high principle level only," said Joseph H. Alhadeff, Oracle Corp.'s vice president for global public policy and someone who has been involved in the OECD guideline drafting process. "These are the formative issues that you need to think about that set the framework" from which you develop best practices, he noted.
Regardless of whether the OECD has any impact, companies are being pushed to consider security by other forces.
For instance, in May 2001, Visa issued its own security rules to merchants covering the storage, encryption and access of credit card data. As part of that plan, the top 100 e-commerce merchants, who account for about 70% of Internet commerce in the Visa system, are required to have their online security systems validated by a third
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Logicalis eBook: SAP HANA: The Need for Speed Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Live Webcast Best Practices: How to Improve Business Continuity with Virtualization VMware solutions include a range of business continuity capabilities to help ensure availability for applications across your virtualized environment. Learn More>>
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- Live Webcast
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Topic Center White Papers | Webcasts