International Telecommunication Union   ITU
Site Map Contact us Print Version
 Tuesday, August 14, 2007

On 16 July 2007, the European Commission issued a set of draft recommendations on eHealth interoperability. This supports the idea that connecting people, systems, and services would be vital for the provision of good healthcare in Europe.

The lack of interoperability in systems and services has long been identified as one of the major challenges to the wider implementation of the Union's e-Health applications.

The goal of this Recommendation is to contribute to enabling the provision of a means of authorised healthcare professionals to gain managed access to essential health information about patients, subject to the patients' consent, and with full regard for data privacy and security requirements. Such information could include the appropriate parts of a patient's electronic health record, patient summary and emergency data from any place in Europe: within countries, in cross-border regions, and between countries.

The proposed actions cover the following areas:

  • The overall (political/legal) level of eHealth interoperability inclusing privacy and confidentiality
  • Creating the organisational framework (or process) for e-Health interoperability
  • Applications (including semantic) interoperability
  • Architectural and technical interoperability including security, certification and accreditation
  • Monitoring and evaluation

For full information, click here.

Tuesday, August 14, 2007 1:15:44 PM (W. Europe Standard Time, UTC+01:00)  #     | 

The first Global Information Society Watch 2007 report was released at the United Nations' Palais des Nations in Geneva on 22 May 2007 and during the The Third Annual SANGONeT "ICTs for Civil Society" Conference and Exhibition in Johannesburg, South Africa on 18 July 2007. The report discusses the state of the field of information and communication technology (ICT) policy at local and global levels and particularly how policy impacts on the lives of people living in developing countries.

Studies of the ICT policy situation in twenty-two countries from four regions are featured: Africa (Democratic Republic of Congo, Egypt, Ethiopia, Kenya, Nigeria, South Africa and Uganda); Asia (Bangladesh, India, Pakistan and the Philippines); Latin America (Argentina, Brazil, Colombia, Ecuador, Mexico and Peru); and Eastern Europe (Bosnia and Herzegovina, Bulgaria, Croatia and Romania), with one report from a Western European country (Spain).

The report concludes that when it comes to ICTs for development, there are some conspicuous similarities between the countries. Excluding Spain, the other twenty-one countries each show obvious evidence of the "digital divide" which impacts on the majority of people negatively. The report also includes provocative, analytical essays on five international institutions (including ICANN and the World Intellectual Property Organisation) questioning the extent to which they allow all stake-holders to participate in their processes. There is a special section on how to measure progress as well.

Read more on the Global Information Society Watch.

Tuesday, August 14, 2007 11:04:02 AM (W. Europe Standard Time, UTC+01:00)  #     | 

On Sydney Morning Herald's Veto for Parents on Web Content, it was announced that ISPs in Australia will be obligated to filter web content at the request of parents. This is part of the $189 million Federal Government crackdown on online bad language, pornography and child sex predators. According to the Prime Minister, John Howard, the Government would increase funding for the federal police online child sex exploitation team by $40 million to aid investigators to track those who prey on children through chat rooms and sites such as MySpace and Facebook. The Government is also expected to pay $90 million to provide every concerned household with software to filter internet content.

According to the article, the more efficient compulsory filtering of internet service providers (ISPs) was proposed in March last year by the then Labor leader, Kim Beazley, which the Communications Minister, Helen Coonan, and ISPs criticised as expensive then. Three months later Senator Coonan announced the Government's Net Alert policy, promising free filtering software for every home that was interested. She also announced an ISP filtering trial to be conducted in Tasmania, but that trial was scrapped.

The ISP filtering measure, according to Mr. Howard is a world first by any Government, and is expected to offer funding to help cover the cost. An ISP filter option will be made available to parents when they sign up with an ISP. This service will be compulsory to all ISPs. The measures are expected to be implemented by the end of this month.

US authorities have reported last month that more than 29,000 convicted sex offenders had profiles on MySpace. In Australia, about 26 per cent of Australia's 3.8 million MySpace users are under 18. To protect the users, MySpace has written to all state and territory governments, and the Commonwealth, asking them to create a national child-sex offender database that requires email addresses to enable them to track sex offenders and remove their profiles on the system.

Read the full article here.

Tuesday, August 14, 2007 10:34:03 AM (W. Europe Standard Time, UTC+01:00)  #     | 

A Report entitled Personal Internet Security from the House of Lords Science and Technology Committee has been made available on Friday discussing primarily the issues pertaining to individual experiences of the Internet. In the report, the U.K., ISPs and others, has been said to unfairly hold Internet users responsible for online safety. According to the panel, this "laissez-faire" attitude toward personal security is what weakens user confidence. The report proposes that ISPs should be held responsible and avoid them from ignoring spam and malware notices, and that information technology vendors be held liable for not making products secure.

Network security, appliances and applications, how businesses and individuals use the Internet and policing of the online world were studied and dealt with in the Lords inquiry. It also noted that the U.K. government is at fault for not showing leadership in assembling available information and interpreting it for the public. "The Government are not themselves in a position directly to gather the necessary data, but they do have a responsibility to show leadership in pulling together the data that are available, interpreting them for the public and setting them in context, balancing risks and benefits. Instead of doing this, the Government have not even agreed definitions of key concepts such as 'e-crime'." The report recommends the establishment of a cross-departmental group in the Government, "bringing in experts from industry and academia, to develop a more co-ordinated approach to data collection in future. This should include a classification scheme for recording the incidence of all forms of e-crime. Such a scheme should cover not just Internetspecific crimes, such as Distributed Denial of Service attacks, but also e-enabled crimes - that is to say, traditional crimes committed by electronic means or where there is a significant electronic aspect to their commission."

The committee points out the need for more support for research from the industry as well. "The development of one or more major multidisciplinary research centres, following the model of CITRIS, is necessary to attract private funding and bring together experts from different academic departments and industry in a more integrated, multi-disciplinary research effort."

End-users are still predominantly viewed as unable to protect their own security according to the report. And private companies are driven by strong incentives to either promote security for profit or to oppose it as imposing costs on them according to lawmakers. The committee, thus, proposes that ISPs, being the link between the users and the network, could take more control over the network traffic by blocking or filtering traffic containing malicious code. "We do not advocate immediate legislation or heavy- handed intervention by the regulator," says the lawmakers, adding that the market must be nudged to provide better security.

Further recommendations of the committee include criminalizing trade in botnet services, no matter what their use, creating a unified, Web-based reporting scheme for e-crime, more action on creating a central e-crime police unit, fast ratification of the Council of Europe CyberCrime Convention, and educating courts on Internet crime.

Read the full article on Factiva Content Watch.
To access the report, click here.

Tuesday, August 14, 2007 9:56:33 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, August 13, 2007

On ZDNet Australia's article, "Knowledge is greatest threat to critical infrastructure," researchers and security experts agree that Australia's critical infrastructure still proves to be vulnerable due to insufficiency and lack of educational resources. The article discusses the problem with the security of Supervisory Control and Data Acquisition (SCADA) systems, "the central nervous system for sensors, alarms and switches that provide automated control and monitoring functions for utilities such as water, gas and electricity, as well as large manufacturers."

Jill Slay of the University of South Australia's Defence and Systems Institute, said at the inaugural International Federation for Information Processing (IFIP) Critical Infrastructure Protection conference that Australia needed more stringent audits of SCADA network access, better training and stricter controls over contractors. She believes Federal Government initiatives such as the Trusted Information Sharing Network are good but, at present, are insufficent to keep the SCADA operators aware and updated of current threats and response strategies.

The article also points out that due to the threat of terrorism, there has been increased security concerns on essential services as SCADA systems have increasingly been accessible over TCP/IP protocol corporate networks to improve process automation and visibility of data. According to the article, "the Federal Government's approach to SCADA security has been to garner industry support through cooperative initiatives such as its Trusted Information Sharing Network, a community of practice networks dedicated to fostering knowledge-sharing and training between government, industry and academia," however "the amount of information available on SCADA systems online provides such a large amount of information out there for those who want to find network vulnerabilities in critical infrastructure."

To read the full article, proceed here.

Monday, August 13, 2007 1:24:50 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, August 10, 2007

The Journal Record reported on a hospital group in Oklahoma City, USA that is developing a technology program to better connect its hospitals and clinics in the metropolitan area with its seven rural hospitals. This program uses the existing hospitals’ infrastructure, and will cost USD 30,000 to develop. It will initially focus on fetal monitoring and on sharing records amongst hospitals, which will allow doctors to assist patients at different locations in remote areas. 

Read the full article here.

Friday, August 10, 2007 1:26:12 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, August 09, 2007

On 30 July 2007 in Berlin and 27 June 2007 in Tokyo, the Federal Ministry of Economics and Technology of Germany, the Ministry of Internal Affairs and Communications of Japan and the Ministry of Economy, Trade and Industry of Japan signed a Joint Statement expressing the following:

"Information and Communications Technologies (ICT), including the Internet, are key enablers in the development of the economies in both Germany and Japan. Spam poses a potential threat to this economic development. It must be made clear that spam has no legitimate role in the German or Japanese e-economy.

The Federal Ministry of Economics and Technology of Germany, the Ministry of Internal Affairs and Communications of Japan and the Ministry of Economy, Trade and Industry of Japan see mutual benefit in strengthening friendship and cooperation between their two countries through cooperation concerning anti-spam policies and strategies. The aim is to support international cooperation in and among a variety of organizations such as the Organization for Economic Cooperation and Development, the International Telecommunication Union, the United Nations Conference on Trade and Development, the Internet Engineering Task Force, the International Consumer Protection and Enforcement Network, and the Asia-Europe Meeting.

Under this Joint Statement, cooperation in matters of mutual interest will be able to take place through the exchange of ideas, information, personnel, skills and experience and collaborative activities that will be of benefit to both sides. Because spam has implications for many groups of stakeholders, every effort will be made to ensure that all interested parties, both public and private, are consulted as appropriate. Particular areas of cooperation will include:

a) Exchanging information about anti-spam activities such as anti-spam policies and strategies, as well as technical and educational solutions to spam;

b) Encouraging the adoption of effective anti-spam technologies and network management practices by German and Japanese Internet Service Providers and major business network managers, and further cooperation between government and private sectors;

c) Supporting German and Japanese marketers or bulk email senders in adopting spam-free marketing techniques;

d) Identifying and promoting user practices and behaviours which can effectively control and limit spam and supporting the development of multi-stakeholder public information and awareness campaigns to foster increased adoption of anti-spam practices and behaviours by end users in Germany and Japan;

e) Cooperating to strengthen anti-spam initiatives being considered in international fora."

To access the Joint Statement in different languages, click here.

Thursday, August 09, 2007 11:29:58 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, August 03, 2007

SRI and Georgia Tech have been working on a new tool, BotHunter, that aims to quickly locate bot traffic inside a network. "BotHunter introduces a new kind of passive network perimeter monitoring scheme, designed to recognize the intrusion and coordination dialog that occurs during a successful malware infection. It employs a novel dialog-based correlation engine, which recognizes the communication patterns of malware-infected computers within the network perimeter.  A government/military version of this software has been in use successfully for about a month, and a public version has recently been released. A highly interactive honeynet using BotHunter is also run by SRI. Dozens of new infections are detected each day, and the site proves to be very helpful in understanding the behavior of the received malware. It generates a list of potentially evil IP addresses and DNS queries as well."

For more information on this new software, visit the BotHunter site.

Friday, August 03, 2007 11:29:24 AM (W. Europe Standard Time, UTC+01:00)  #     | 

An Informational draft RFC by John Curran was recently published, outlining an IPv4 to IPv6 transition plan. The paper provides a clear guidance to organizations regarding specific expectations that change over time, and vary greatly by organization. A timeline of the different phases was set with the intention of allowing enough time for the necessary planning and deployment steps which each organization must undertake. The author proposes the transition to predominantly IPv6-connectivity by Januaray 2011 in response to meeting the overall requirements of allowing the Internet to scale as specified in "The Recommendation for the IP Next Generation Protocol" [RFC1752].

On the contrary, Randy Bush provides a very informative presentation, IPv6 Transition & Operational Reality, regarding the reality of such a transition. The presentation discusses the different myths about IPv4 and IPv6, the emergence of a market for IPv4 addresses, and the transition from allocation to entitlement among others.

For more background data and interesting comments from Geoff Huston, read his IPv4 Address Report or his ISP column articles on The End of (IPv4) World, and Transition to IPv6.

Friday, August 03, 2007 10:53:05 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, August 01, 2007
The UNESCO Office in Bangkok launched an interactive online forum targeted to educators, teachers, administrators, policy makers and others to foster discussions on topics relating to the use of information and communication technologies in education.
For more information, see ICT-in-Education online community.
Wednesday, August 01, 2007 12:03:12 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, July 31, 2007

To aid in choosing a good DNSBL, Swa Frantzen proposes at the SANS Internet Storm Center several tips and tricks in gauging which blacklists are effective. Presented as well are several criteria that must be considered by the blacklist administrators. Among the criteria they suggest are:

  • Speed of reaction
  • Selection criteria
  • Goal of the blacklist
  • Ease of getting unlisted
  • Working Email contact to get unlisted
  • Out of band contact details
  • Blocking for the right reasons
  • Duration of a block
  • Automatic delisting
  • Granularity of the block
  • Security of the blacklist provider
  • Extortion
  • Warning to those getting listed

To read the full article, click here.

Tuesday, July 31, 2007 3:57:21 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Saturday, July 28, 2007

In order to ensure transparent procurement at reduced costs in Chinese hospitals, the China Medical Equipment Association (CMEA) under the auspice of the Ministry of Health will draw up a recommended list of medical equipment to be used for purchasing decisions. The list will be based on an open and fair assessment of medical equipment considering the needs of the partners involved (including the government, hospitals and manufacturers), according to CMEA. Purchases should be made by the Ministry's International Communication and Cooperation Center.

Furthermore, China earmarked 1.2 bln yuan (about 157.9 million USD) to purchase medical equipment for hospitals in the country's poor rural areas through government procurement and public bidding. As mentioned by an official of the Ministry of Health, the list of new equipment would include electro-cardiographs, ultrasound scanners, operation beds and respiratory mechanics.

For more information, see Xinhua News Agency and here.

Saturday, July 28, 2007 11:35:43 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, July 27, 2007

A report released Monday by Government Accountability Office (GAO), a congressional research and investigation agency, reveals that cybercrime (computer crime, identity theft and phishing) costs the U.S. economy US$117.5 billion a year.

"These projected losses are based on direct and indirect costs that may include actual money stolen, estimated cost of intellectual property stolen, and recovery cost of repairing or replacing damaged networks and equipment," says the report, released through the offices of Reps. Bennie G. Thompson (D-Miss.), chairman of the committee on Homeland Security, and James R. Langevin (D-R.I.), chairman of the subcommittee on Emerging Threats, Cybersecurity, Science and Technology. However, according to the lead author of the report, GAO Director of IT Management Issues David A. Powner, the staggering losses pegged to cybercrime may even be worse than estimated. "Whatever is reported by organizations, most of that will likely be underreported because of disincentives to report losses," he says.

The GAO report also acknowledges that certain personnel policies at federal law enforcement agencies may be hurting the fight against cybercrime. "[S]taff rotation policies at key law enforcement agencies may hinder the agencies' abilities to retain analytical and technical capabilities supporting law enforcement," the report observes. "In order to address the challenge of ensuring adequate law enforcement analytical and technical capabilities," it continues, "we are recommending that the Attorney General and the Secretary of Homeland Security reassess and modify, as appropriate, current rotation policies to retain key expertise necessary to investigate and prosecute cybercrime."

Read the full article at E-Commerce Times.

Friday, July 27, 2007 2:17:02 PM (W. Europe Standard Time, UTC+01:00)  #     | 

Secure Science Corporation, in their GPCode Evolution Report, describes the more obscure, previously undocumented traits belonging to the most recent Ransom-based Trojan (known as Glamour). "The code is a modified version of the Prg/Ntos family which was detailed in depth during their Encrypted Malware Analysis in November 2006. While a majority of the functionality has not changed since then, this recent variant is distinctive enough to warrant additional research. In particular, the trojan is now equipped with the ability to encrypt a victim's files on disk. The motive for adding this feature is clearly monetary, as the victim is advised that the files will remain encrypted unless $300 is turned over to the authors, in exchange for a decryption utility." According to their report, in the past 8 months, 152,000 victims have been infected, and over 14.5 million records were discovered to be logged by the trojan.

Read more about this report on the Secure Science Blog. Access the GPCode Evolution Report here. Secure Science Corporation has also provided the source code for the decrytor and is available here.

Friday, July 27, 2007 1:08:04 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, July 25, 2007

More and more citizens in Singapore are using government services online, of which 98% can be accessed on a 24/7 hour basis. Such e-government services include, inter alia, online business licensing services that allow entrepreneurs to register their business online, which would result in significant company savings.

To protect Singapore's critical infrastructure from cyber attacks the government established a national cyber threat monitoring scheme in March 2007. International collaboration through computer emergency response teams (CERTS) represents another approach of combating the threats from cyberspace. Through both a public education campaign on cybersecurity and a legal environment dealing with computer misuse, spam, electronic transactions, etc. Singapore aims to increase confidence in using its e-government services.

To read the full article "S'pore: E-govt success lures cyber terrorists" by L. Tann, ZDNet Asia, click here.

Wednesday, July 25, 2007 3:48:03 PM (W. Europe Standard Time, UTC+01:00)  #     | 

Sophos recently released its global statistics naming the top 12 spam-relaying countries for the period between April to June 2007. The US and China tops the list, while Europe, on the other hand, houses six of the top 12 countries mentioned in the statistics, which when combined, account for even more spam-relaying than the U.S. The statistics reveal as well that the overall global volume of spam rose by 9% during the second quarter, when compared to the same period in 2006.

"'While the US remains top spam dog, the latest chart emphasises the urgent need for joined-up global action to combat this growing problem,' said Carole Theriault, senior security consultant at Sophos. 'For every spam campaign, the spammers, the compromised computers used, and the people being deluged by the unsolicited mail are often located in totally different parts of the world. A consolidated effort is needed not only to pursue and prosecute spammers, but also to convince computer users everywhere of the importance of blocking rather than responding to spam messages. Everyone has a part to play if we are to win the global battle against spam.'"

Statistics on spam relayed by continent, however, show Asia as the top spam-relaying continent with the number of Asian nations relaying smaller amounts of spam. Europe, which topped the chart in the first quarter of 2007, has reduced its percentage by 6.6 percent and fallen to second place. Asia, North America, South America and Africa have all seen rises in spam-relaying activity.

Read the full article here.

Wednesday, July 25, 2007 9:08:27 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, July 24, 2007

A growing, sophisticated technique of propagating cyber-crime, dubbed as fast-flux service networks, has increasingly been elevating the threats we face today on the Internet. "Fast-flux service networks are a network of compromised computer systems with public DNS records that are constantly changing, in some cases every few minutes. These constantly changing architectures make it much more difficult to track down criminal activities and shut down their operations." Despite the awareness of researchers and ISPs of fast-flux for over a year now, all of the current researches on fast-flux is new.

According to the Honeynet Project & Research Alliance, criminal organizations behind two infamous malware families, Warezov/Stration and Storm, have recently adopted this so-called fast-flux service networks into their infrastructures. "The purpose of this technique is to render the IP-based block list, a popular tool for identifying malicious systems, useless for preventing attacks," says Adam O'Donnell, director of emerging technologies at security vendor Cloudmark.

To fight against fast-flux, "ISPs and users should probe suspicious nodes and use intrusion detection systems; block TCP port 80 and UDP port 53; block access to mother ship and other controller machines when detected; 'blackhole' DNS and BGP route-injection; and monitor DNS."

Access the full article at the Dark Reading website.

Read more about fast flux service networks on the the Honeynet Project & Research Alliance's new report on the emerging networks and techniques.

Tuesday, July 24, 2007 9:06:38 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, July 23, 2007

The Africa Health Infoway is a World Health Organization (WHO) project supported by the Department for International Development (DfiD) that aims to provide a technology platform that supports the collection of sub national health data and statistics for analysis, dissemination and use to facilitate decision making in health, and strengthen capacity of African countries to use information in decision making. It is a district-based public health information network for African health which focuses on infostructure and connectivity, district health information systems, and knowledge translation into policy and action.

For more information on the Africa Health Infoway, click here.

Monday, July 23, 2007 3:31:25 PM (W. Europe Standard Time, UTC+01:00)  #     | 

The OECD's Ministerial meeting on the Future of the Internet Economy has been opened to an Online Public Consultation, providing an opportunity for all stakeholders to comment on the topics and issues to be discussed at event. The public consultation is scheduled to be open until 14 September 2007, and stakeholders and players may share their views and opinions with the OECD through their Online Questionnaire.

"The Ministerial represents an opportunity for high-level stakeholders from government, business, the technical community, and civil society to consider broad social, economic and technical trends shaping the development of the Internet Economy, and to discuss policies that can respond to evolving societal needs. The participation of all players in the dialogue is important to ensure that the Ministerial is able to benefit from a wide range of viewpoints and expertise."

For more information on the public consultation, go here or visit the OECD website.

Monday, July 23, 2007 10:01:31 AM (W. Europe Standard Time, UTC+01:00)  #     | 

KPMG, a global network of professional firms providing audit, tax, and advisory services, released a report on Cross-Border Investigations: Effectively Meeting the Challenge.

KPMG, along with the research firm Penn, Schoen and Berland Associates Inc. approached multinational businesses in diverse industries around the world, and asked those charged with the responsibility for cross-border investigations within those companies how they responded to their current challenges. As the trade barriers fall and international commerce expands, and as the speed of conducting business and remitting funds increases, companies that conduct business across international boundaries are recognizing the corresponding increase in the risk of fraud and misconduct. They thus face several challenges such as taking the appropriate first steps, cultural and legal differences, investigation resources, and the availability and accessibility of electronic data.

The report proposes that an effective approach can lower the risk of the occurrence of fraud or misconduct, thus lowering the possibility of being hit with serious sanctions, can demonstrate to regulators, shareholders, stakeholders, bond-ratings agencies, and the capital markets that the business takes accountability and control seriously, thereby mitigating damage to reputations, can exhibit the business's commitment to overall corporate governance activities, and can assist in a rapid and efficient response before issues spiral beyond control.

This report aims to provide insights into possible responses to the described challenges. It points out as well that an effective cross-border investigations plan demonstrates not only an organization's sound risk management practices, but also its overall commitment to good corporate governance.

Read the full report here.

Monday, July 23, 2007 9:14:02 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, July 20, 2007

The OECD Committee for Information, Computer and Communications Policy (ICCP), through its Working Party on Information Security and Privacy (WPISP) has developed the Recommendation on Electronic Authentication and the Guidance for Electronic Authentication. The project was made possible with the participation of Jane Hamilton from Industry Canada and with the support of delegates from Australia, France, Hungary, Korea, Norway, the United States, the OECD Secretariat and the Business and Industry Advisory Committee (BIAC) to the OECD. On 12 June 2007, the OECD Council adopted the Recommendation, and the Guidance for Electronic Authentication, was adopted by the ICCP Committee in April and declassified on 12 June 2007 by the OECD Council.

The Recommendation encourages efforts by OECD member countries to establish compatible, technology-neutral approaches for effective domestic and cross-border electronic authentication of persons and entities. It also reaffirms the important role of electronic authentication in fostering trust online and the continued development of the digital economy.

The OECD Guidance on Electronic Authentication aims to assist OECD member countries and non-member economies in establishing or amend their approaches to electronic authentication with a view to facilitate cross-border authentication. The Guidance sets out the context and importance of electronic authentication for electronic commerce, electronic government and many other social interactions. It provides a number of foundation and operational principles that constitute a common denominator for cross-jurisdictional interoperability.

Both the Recommendation and the Guidance conclude a work stream initiated in response to the "Declaration on Authentication for Electronic Commerce" adopted by Ministers at the Ottawa Ministerial Conference held on 7-9 October 1998 and serve as a bridge to future OECD work on identity management.

The ITU Telecommunication Standardization Sector with its Focus Group on Identity Management (FG IdM) works to facilitate the development of a generic Identity Management framework, by fostering participation of all telecommunications and ICT experts on Identity Management. To read more about the ITU-T FG IdM activities, go here.

Read the full article on the OECD Recommendation on Electronic Authentication and the Guidance for Electronic Authentication here.

Friday, July 20, 2007 9:58:44 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, July 19, 2007

The Internet Society of New Zealand (InternetNZ) released the ISP Spam Code of Practice in May 2007 for public consultation, and it had been open to comments until 18 June 2007. The Code was developed by the InternetNZ / Telecommunication Carriers' Forum (TCF) / The Marketing Association (MA) Working Party which has representation from a cross section of service providers and other interested parties.

The ISP Spam Code of Practice was created in keeping with the requirements of the Unsolicited Electronic Messages Act 2007 of the New Zealand government. It had also been developed with regard to the MA’s Code of Practice for Direct Marketing and the TCF’s SMS Anti-Spam Code, which both deal with Spam related issues, as well as to the TCF’s Customer Complaints Code.

Both consumers and service providers are expected to benefit from the adoption of this Code. The Code aims to establish practices that will lead to the minimization of Spam in New Zealand. It also aims to provide information to end users about both preventative and curative steps against Spam. Anticipated benefits to the service providers include the generation of higher levels of customer satisfaction and improved operational efficiency due to the reduced volumes of spam.

Public submissions on the Code can be found here.

Visit the Internet Society of New Zealand website for further details.

Thursday, July 19, 2007 10:43:58 AM (W. Europe Standard Time, UTC+01:00)  #     | 

With the rise of innovative use of information and communication technologies (ICTs), the United Nations Conference on Trade and Development (UNCTAD) cites the "challenges and threats" that go with ICT development and gives emphasis on the importance of information security and risk management in chapter 5 of its Information Economy Report (IER) 2005.

The chapter elaborately presents an appreciation of the following policy points:

  • Information Security (IS) needs to be conducted from a Risk Management process perspective; managing IS from a technological, problem-response, reactive perspective is sub-optimal for firms and public institutions.
  • Information Security threats mainly come in the form of "social engineering", thus purely technology based defenses are misguided - i.e. they are the Maginot Line of cybersecurity.
  • Information Security threats regularly and easily transcend national boundaries, and thus the need for international cooperation and coordination, both at a technical and a policy level, is unambiguous.
  • Information Security policy should be a component of the national e-policy and should be appropriately incentivized to adopt a Risk Management framework through regulation.

An overview of international policy discussions on information security concludes this chapter together with a discussion of policy recommendations for Governments and some insights to future developments and relevance for intergovernmental processes and the international community.

Read the full chapter of the IER 2005 here.

Thursday, July 19, 2007 9:32:03 AM (W. Europe Standard Time, UTC+01:00)  #     |