With the rise of innovative use of information and communication technologies (ICTs), the United Nations Conference on Trade and Development (UNCTAD) cites the "challenges and threats" that go with ICT development and gives emphasis on the importance of information security and risk management in chapter 5 of its Information Economy Report (IER) 2005.
The chapter elaborately presents an appreciation of the following policy points:
- Information Security (IS) needs to be conducted from a Risk Management process perspective; managing IS from a technological, problem-response, reactive perspective is sub-optimal for firms and public institutions.
- Information Security threats mainly come in the form of "social engineering", thus purely technology based defenses are misguided - i.e. they are the Maginot Line of cybersecurity.
- Information Security threats regularly and easily transcend national boundaries, and thus the need for international cooperation and coordination, both at a technical and a policy level, is unambiguous.
- Information Security policy should be a component of the national e-policy and should be appropriately incentivized to adopt a Risk Management framework through regulation.
An overview of international policy discussions on information security concludes this chapter together with a discussion of policy recommendations for Governments and some insights to future developments and relevance for intergovernmental processes and the international community.
Read the full chapter of the IER 2005 here.