OECD Work

Send

Download the OECD Information Security Policy Factsheet

The core OECD instrument in the area of information security is the OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security ("Security Guidelines") adopted by the OECD Council in July 2002.

The OECD Security Guidelines aim to promote security in the design and use of ICTs through:

Guiding the development of effective national policies to address security threats and vulnerabilities in a global interconnected society, while preserving important societal values such as privacy and individual freedom.
Developing a ”Culture of Security” across society so that security becomes an integral part of the daily routine of individuals, businesses, and governments in their use of ICTs and conduct of online activities.
Encouraging each participant to become aware of risks, assume responsibility and take steps to enhance the security of information systems and networks while respecting respect ethical values.
Providing a clear reference framework based on 9 principles at policy and operational levels.
Benefitting the broader international community: the United Nations, the Council of the European Union, APEC and ASEM have all recognised or used the Guidelines in their work.

After the adoption of the Guidelines, the OECD carried out a series of work to assist member and non-member countries in the implementation of a culture of security.

An implementation plan for co-ordinated national online security policies with regard to implementing the OECD Security Guidelines was agreed by OECD member countries in 2003.
A Global Forum on Information Systems and Networks Security was organised in Oslo, Norway in October 2003.
The results of a survey of national implementation activities were made available to the public in June 2004.
A workshop on Security of Information Systems and Networks, in co-operation with APEC TEL, took place in Seoul, Korea, in September 2005. It included sessions on spyware, CERTs, SMEs awareness and Identity Management.
A more detailed survey was developed to facilitate the sharing of experience and best practices on the Promotion of a Culture of Security for Information Systems and Networks in OECD Countries at national level. It was prepared by the OECD secretariat based on responses from 18 OECD member countries and made public in December 2005

The OECD is currently (2006) working on a comparative study of national policies related to critical information infrastructure protection.

In addition, several other works carried out by the OECD are related to security of information systems and networks, such as the work on privacy, electronic authentication, biometrics, identity management (ongoing) and RFID and sensors (ongoing). Spam is another area where the OECD has been very active. For more details, visit the WPISP page and the information-security section of the main OECD site (www.oecd.org/sti/security-privacy).

Top of page

Don't miss

Promoting a Culture of Security

OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security

The 2002 Security Guidelines provide high-level policy principles aimed at all participants to foster a culture of security for information systems and networks

The Promotion of a Culture of Security for Information Systems and Networks in OECD Countries

A major information resource on governments’ efforts to foster a shift in culture as called for in the OECD Security Guidelines, 2005

Culture of Security (Home)

OECD Work

Don't miss