
OECD Information Security Guidelines: Full Text


빨간고양이 2018. 7. 3. 14:51

OECD Guidelines for the Security of Information Systems and Networks : Towards a Culture of Security

(2002)


9 principles: Awareness, Responsibility, Response, Ethics, Democracy, Risk assessment, Security design and implementation, Security management, Reassessment


* Superseded in 2015 by the following:

Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity


8 principles: Awareness, skills and empowerment; Responsibility; Human rights and fundamental values; Co-operation; Risk assessment and treatment cycle; Security measures; Innovation; Preparedness and continuity


* Original text for reference:


OECD Guidelines for the Security of Information Systems and Networks : Towards a Culture of Security


1) Awareness

Participants should be aware of the need for security of information systems and networks and what they can do to enhance security.


2) Responsibility

All participants are responsible for the security of information systems and networks.


3) Response

Participants should act in a timely and co-operative manner to prevent, detect and respond to security incidents.


4) Ethics

Participants should respect the legitimate interests of others.


5) Democracy

The security of information systems and networks should be compatible with essential values of a democratic society.


6) Risk assessment

Participants should conduct risk assessments.


7) Security design and implementation

Participants should incorporate security as an essential element of information systems and networks.


8) Security management

Participants should adopt a comprehensive approach to security management.


9) Reassessment



Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity


General Principles


1. Awareness, skills and empowerment

All stakeholders should understand digital security risk and how to manage it.


2. Responsibility

All stakeholders should take responsibility for the management of digital security risk.


3. Human rights and fundamental values

All stakeholders should manage digital security risk in a transparent manner and consistently with human rights and fundamental values.


4. Co-operation

All stakeholders should co-operate, including across borders.


Operational Principles


5. Risk assessment and treatment cycle

Leaders and decision makers should ensure that digital security risk is treated on the basis of continuous risk assessment.


6. Security measures

Leaders and decision makers should ensure that security measures are appropriate to and commensurate with the risk.


7. Innovation

Leaders and decision makers should ensure that innovation is considered.


8. Preparedness and continuity

Leaders and decision makers should ensure that a preparedness and continuity plan is adopted.
