Return to > Information security and privacy
Since 1992, the OECD has been developing policy analysis and recommendations for governments and other stakeholders to better address security challenges in the digital environment from an economic and social perspective.
Digital transformation is accelerating the digital reliance of critical economic and social activities. In parallel, digital security threats have been growing in number and sophistication. This December 2019 recommendation provides guidance on how to implement the 2015 Digital Security Risk Recommendation to maintain the continuity, resilience and safety of critical activities without inhibiting the benefits of digital transformation.
Digital security risk should be treated like an economic rather than a technical issue, and should be part of an organisation’s overall risk management and decision-making, according to a this October 2015 OECD Recommendation to member countries.
The comparison of a new generation of national cybersecurity strategies in 10 OECD countries reveals that cybersecurity policy making is at a turning point. Cybersecurity has been elevated among governmental policy priorities.
The OECD is developing indicators to measure security and privacy risk. This includes statistical guidance to improve the international comparability of CSIRT statistics.
The 2008 OECD Recommendation on the Protection of Critical Information Infrastructures (CIIP) provides a shared understanding of the concept of CIIP and policy recommendations at domestic and international level.
Malware and botnets pose a serious threat to the Internet economy and to national security. The OECD has analysed this phenomenon as well as policies to address it, including the role of Internet Service Providers (ISPs) [More].
In 1997, the OECD adopted the Guidelines for Cryptography Policy to promote the use of cryptography without unduly jeopardising public safety, law enforcement and national security [More].
This work is carried out by the OECD Working Party for Security and Privacy in the Digital Economy (SPDE) for the Committee for Digital Economy Policy (CDEP).