Press Statement Philip T. Reeker, Deputy Spokesman Washington, DC August 7, 2002 OECD Calls for Culture of Security for Information SystemsWe welcome the announcement today (August 7) of completion of "Guidelines for the Security of Information Systems and Networks: Towards a Culture of Securityā€¯ by the Organization for Economic Cooperation and Development (OECD). Responding to the dramatic changes in computing power, use of the Internet, and development of networked systems, today's announcement is a milestone marking a new international understanding of the need to safeguard the information systems on which we increasingly depend for our way of life. These new OECD guidelines, which replace the original guidelines published in 1992, provide a set of principles to help ensure the security of today's interconnected communications systems and networks. They are applicable to all, from those who manufacture, own, and operate information systems to those individual users who connect through home PCs. Importantly, the guidelines call for new ways of thinking and behaving when using information systems. They encourage the development of a "Culture of Security" as a mindset to respond to the threats and vulnerabilities of communications networks. The nine principles address: Awareness, Responsibility, Response, Ethics, Democracy, Risk Assessment, Security Design and Implementation, Security Management, and Reassessment. The guidelines were developed with the full cooperation of the OECD's Business Industry Advisory Council (BIAC) and representatives of civil society. In October 2001 the OECD Committee on Information, Computer, and Communication Policy (ICCP) responded positively to a U.S. proposal for an expedited review of the security guidelines. The OECD member countries, businesses, civil society and the OECD Secretariat shared our sense of urgency and responded with full cooperation and support. Originally scheduled for completion in May 2003, the adoption of these guidelines by the OECD Council on July 25 demonstrates the ability of the OECD to respond to global challenges and shows the continuing relevance of the OECD to today's important issues. The text of the guidelines is available at www.oecd.org. Completion of the guidelines is only the first step. U.S. Government agencies are developing plans and materials to use the guidelines in their outreach activities to the private sector, the public and other governments. We encourage business, industry and consumer groups to join us in using the guidelines as they develop their own approaches to security of information systems and networks, and in the development of a Culture of Security for information systems and networks. |