International security guidelines updated

The international security standard developed by the Organisation for Economic Co-operation and Development (OECD) has been updated for the first time in 10 years to give more protection to companies using the internet.

The OECD's new 7799 guidelines will focus on security awareness, education and responsibility, proposing that security measures be incorporated from the ground up as an essential element of information systems.

Risk assessments will also be proposed as an essential tool for securing networks, and co-operation and swift action will be considered as vital to the prevention and detection of security breaches.

E-commerce minister Stephen Timms said: "We are faced with a major challenge of making the information age a safe place to do business. Today's launch marks a turning point in how we rise to that challenge.

"The UK has very actively supported and contributed to the revision of the original guidelines laid out in 1992. The new guidelines provide a set of principles that will help us create a culture of security."

The recent Information Security Breaches Survey from the Department of Trade and Industry revealed that fewer than a third of businesses encrypt files containing confidential details, and over a third of UK websites have no firewall in place.

Viruses are still identified as the cause of the most serious security breaches, but 17 per cent of businesses still have no software in place to guard against such attacks.

The Confederation of British Industry (CBI) welcomed the reviewed guidelines. CBI representative Jeremy Ward said: "Far too many businesses today are crossing the information highway without knowing anything about the risk.

"As a result, too many of them are becoming involved in nasty accidents involving information security.

"The key issue is not so much what individual businesses must do to protect themselves, although this is still very important, but rather the creation of an environment of trust and security.

"Development of such an environment will require close and co-ordinated co-operation between industry and government. The guidelines are the Green Cross Code of the information superhighway."