The new security guidelines will replace the guidelines first issued in 1992 as a basis “for improving international co-ordination and co-operation to meet the evolving challenges and risks posed by threats to information systems and networks.”
According to the OECD, the guidelines aim to develop a “culture of security” among governments, businesses and individual users, in the new environment of interconnectivity across national borders and converging technologies. The guidelines, which are not binding, urge all users of information technology to adhere and implement nine basic principles.
These cover such areas as security awareness, risk assessment and security design and implementation, as well as ethics, responsibility and democratic values.
The new guidelines are the product of discussions between OECD governments, representatives of the information technology industry, business users and civil society. Non-OECD countries have been invited to adopt similar approaches.