This paper provides an overview of the history of the OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (“Security Guidelines”) since the
adoption of their first version in 1992. It explains that the 2002 revision of the Guidelines introduced a fundamental paradigm shift in the way IT security was previously addressed, in order to take
into account the emergence of the open Internet and the generalisation of interconnectivity.
