International Code of Conduct for Information Security

On the 12th, Chinese radio reported that "the permanent representatives of China, Russia, Tajikistan and Uzbekistan to the United Nations jointly sent a letter to UN Secretary-General Ban Ki-moon asking him to circulate the International Code for Ensuring Security in the Information Sphere as an official UN document at the 66th session of the organization's General Assembly". This information is not on the UN website. Nor did it turn out to be on the original source's website: it had simply been removed from the site for an unclear reason. But I became curious about what exactly was so interesting in the proposal from these four countries, two of which had not previously been seen taking an active part in information security matters, and a third of which has no proper information security legislation of its own. The search was successful, and the text of the proposed Code is in front of you (in English only, but it is all clear enough as it is):

The General Assembly,

Recalling the General Assembly's resolutions on the role of science and technology in the context of international security, in which, inter alia, it recognized that scientific and technological developments could have both civilian and military applications and that progress in science and technology for civilian applications needed to be maintained and encouraged,

Noting that considerable progress has been achieved in developing and applying the latest information technologies and means of telecommunication,

Recognizing the need to prevent the potential use of information and communication technologies (ICTs) for purposes that are inconsistent with the objectives of maintaining international stability and security, and may adversely affect the integrity of the infrastructure within States, to the detriment of their security,

Underlining the need for enhanced coordination and cooperation among States in combating the criminal misuse of information technologies, and, in this context, stressing the role that can be played by the United Nations and other international and regional organizations,

Highlighting the importance of the security, continuity and stability of the Internet, and the need to protect the Internet and other ICT networks from threats and vulnerabilities, and reaffirming the need for a common understanding of the issues of Internet security and for further cooperation at national and international levels,

Reaffirming that policy authority for Internet-related public issues is the sovereign right of States, which have rights and responsibilities for international Internet-related public policy issues,

Recognizing that confidence and security in the use of information and communications technologies are among the main pillars of the information society, and that a robust global culture of cyber-security needs to be encouraged, promoted, developed and vigorously implemented, pursuant to Paragraph 4 of General Assembly Resolution A/RES/64/211, "Creation of a global culture of cybersecurity and taking stock of national efforts to protect critical information infrastructures",

Stressing the need for enhanced efforts to close the digital divide by facilitating the transfer of information technology and capacity-building to developing countries in the areas of cyber-security best practices and training, pursuant to Paragraph 11 of General Assembly Resolution A/RES/64/211, "Creation of a global culture of cybersecurity and taking stock of national efforts to protect critical information infrastructures",

Adopts the International Code of Conduct for Information Security as follows:

I. Purpose and Scope

The purpose of this Code is to identify States' rights and responsibilities in information space, promote their constructive and responsible behaviors, and enhance their cooperation in addressing the common threats and challenges in information space, so as to ensure the ICTs including networks to be solely used to the benefit of social and economic development and people's well-being, and consistent with the objective of maintaining international stability and security.

Adherence to this Code is voluntary and open to all states.

II. Code of Conduct

Each State voluntarily subscribing to this Code pledges:

1. To comply with the UN Charter and universally recognized norms governing international relations, which enshrine, inter alia, respect for the sovereignty, territorial integrity and political independence of all states, respect for human rights and fundamental freedoms, as well as respect for diversity of history, culture and social systems of all countries.

2. Not to use ICTs including networks to carry out hostile activities or acts of aggression and pose threats to international peace and security. Not to proliferate information weapons and related technologies.

3. To cooperate in combating criminal and terrorist activities which use ICTs including networks, and curbing dissemination of information which incites terrorism, secessionism, extremism or undermines other countries' political, economic and social stability, as well as their spiritual and cultural environment.

4. To endeavor to ensure the supply chain security of ICT products and services, prevent other states from using their resources, critical infrastructures, core technologies and other advantages, to undermine the right of the countries, which accepted this Code of Conduct, to independent control of ICTs, or to threaten other countries' political, economic and social security.

5. To reaffirm all States' rights and responsibilities to protect, in accordance with relevant laws and regulations, their information space and critical information infrastructure from threats, disturbance, attack and sabotage.

6. To fully respect the rights and freedom in information space, including rights and freedom of searching for, acquiring and disseminating information on the premise of complying with relevant national laws and regulations.

7. To promote the establishment of a multilateral, transparent and democratic international management of the Internet to ensure an equitable distribution of resources, facilitate access for all and ensure a stable and secure functioning of the Internet.

8. To lead all elements of society, including its information and communication private sectors, to understand their roles and responsibilities with regard to information security, in order to facilitate the creation of a culture of information security and the protection of critical information infrastructures.

9. To assist developing countries in their efforts to enhance capacity-building on information security and to close the digital divide.

10. To bolster bilateral, regional and international cooperation, promote the United Nations' important role in formulation of international norms, peaceful settlement of international disputes, and improvement of international cooperation in the field of information security, and enhance coordination among relevant international organizations.

11. To settle any dispute resulting from the application of this Code through peaceful means and refrain from the threat or use of force.

This is the document that may be adopted at the 66th UN General Assembly, which began a couple of days ago in the USA.