New security guidelines have been announced on how businesses in New Zealand and Australia should use their computers.
Standards New Zealand (SNZ) says the measure places New Zealand at the forefront of e-commerce and should help boost consumer and business confidence in e-commerce.
SNZ chief executive Rob Steel says the new standard provides a framework of measures to develop and maintain confidence in an organisation's ability to properly manage its information security risk.
A recent survey of IT managers and CIOs last week showed that few knew of the guidelines' existence, but Standards New Zealand plans a series of nationwide seminars next month to boost companies' knowledge about it. The organisation has already briefed the New Zealand Computer Society and others.
SNZ consultant Nelson Proctor says: "It is of value to the IT manager to read through the document to get guidance and assistance. IT managers can also assess how they comply. It compares not just the more obvious security aspect but the more run-of-the-mill, day-to-day things," he says.
"It is very early days, but word will get around, especially when accreditation people start contacting businesses."
Called AS/NZ 4444, the new standard comes in two parts and is adapted from similar UK standards.
Part one covers the management of security and defines in detail how companies should develop an information system. Part two provides specifications on how information management systems can be certified.
Matters covered by the standard include:
- protecting e-mails from viruses or interception- the safety of giving credit card numbers over the Internet- protecting companies from viruses- protecting client information and digital signatures- ensuring a company handles personal information confidentially- security issues concerning teleworkers remotely accessing company networksThe new security standard takes a risk management approach and offers best practice descriptions for 127 controls across 36 categories.
A system to voluntarily certify companies is also being developed, which could be used to identify firms that could be trusted with personal information.
Proctor says the standard strengthens the industry in responding to consumer and regulatory concerns over the protection of information.