
Digital security risk management




To reap the benefits of the digital environment, stakeholders need to stop approaching digital security risk solely from a technical perspective, in isolation from broader economic and social considerations. It is urgent that they integrate digital security risk management into their economic and social decision-making processes. Public policy makers also need to consider the complexity of digital security risk across its multiple dimensions, from economic and social prosperity to law enforcement (“cybercrime”), warfare, national security and international security.

The 2015 OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity includes eight high-level principles to address digital security without inhibiting economic and social prosperity:

  • General principles: Awareness, skills and empowerment; responsibility; human rights and fundamental values; co-operation.
  • Operational principles: Risk assessment and treatment cycle; security measures; innovation; preparedness and continuity.

The Recommendation also provides guidance for national strategies. A companion document is included for explanatory and illustrative purposes.

Download the Recommendation and companion document

The 2015 Recommendation replaced the 2002 OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security. For a historical overview of OECD digital security instruments since 1992, see The Role of the 2002 Security Guidelines: Towards Cybersecurity for an Open and Interconnected Economy.

The Recommendation will be reviewed in 2021-2022. It is now complemented by the December 2019 OECD Recommendation on Digital Security of Critical Activities.

