BIAC and ICC have joined forces to develop an international business companion to the OECD’s Guidelines for the Security of Networks and Information Systems. Entitled “Information Security Assurance for Executives,” the document is part of the business community’s efforts to contribute towards a global culture of security.
An initial version of the guide was presented at the OECD’s Global Forum on Information Security, which took place in Oslo in October. Intended for use in educating senior executives about information security, the paper aims to raise awareness and to emphasize the importance of information security to businesses worldwide.
Included is an information assurance checklist, based around the nine principles of the OECD Information Security Guidelines: awareness, responsibility, response, ethics, democracy, risk assessment, security design and implementation, security management, and reassessment. With the use of selected examples, the document demonstrates to businesses how the requirements of this checklist might be met.
Rather than outlining a specific plan for information security, this paper prepares business executives and small and medium-sized enterprises to ask appropriate and effective questions of IT professionals. It provides some context to help inform decisions regarding the level and type of security deployed, which ultimately affects businesses in terms of cost, architecture, resources and business optimization.