10 key principles to ensure adoption of digital security
At the core of the Charter of Trust are ten principles to ensure the adoption of digital security. These principles revolve around the protection of data, people and organisations, and allow the partners to collaborate effectively as they create a secure digital world.
The ten principles of the Charter of Trust are:
1. Ownership of cyber and IT security
Anchor the responsibility for cybersecurity at the highest governmental and business levels by designating specific ministries and CISOs. Establish clear measures and targets as well as the right mindset throughout organisations – “it is everyone’s task”.
2. Responsibility throughout the digital supply chain
Companies and if necessary governments must establish risk-based rules that ensure adequate protections across all IoT layers with clearly defined and mandatory requirements. Ensure confidentiality, authenticity, integrity and availability by setting baseline standards such as:
3. Security by Default
Adopt the highest appropriate level of security and data protection and ensure that it is pre-configured into the design of products, functionalities, processes, technologies, operations, architectures and business models.
Serve as a trusted partner throughout a reasonable life cycle, providing products, systems and services as well as guidance based on the customer’s cybersecurity needs, impacts and risks.
5. Innovation and co-creation
Combine domain know-how and deepen a joint understanding between firms and policymakers of cybersecurity requirements and rules in order to continuously innovate and adapt cybersecurity measures to new threats; drive and encourage contractual Public Private Partnerships, among other things.
Include dedicated cybersecurity courses in school curriculum – as degree courses in universities, professional education and trainings – in order to lead the transformation of skills and job profiles needed for the future.
7. Certification for critical infrastructures and solutions
Companies and if necessary governments establish mandatory independent third-party certifications (based on future-proof definitions) for critical infrastructure as well as critical IoT solutions.
8. Transparency and response
Participate in an industrial cybersecurity network in order to share new insights, information on incidents et al.; report incidents beyond today’s practice, which focuses on critical infrastructure.
9. Regulatory framework
Promote multilateral collaborations in regulation and standardization to set a level playing field matching the global reach of WTO; inclusion of rules for cybersecurity into Free Trade Agreements (FTAs).
10. Joint initiatives
Drive joint initiatives including all relevant stakeholders in order to implement the above principles in the various parts of the digital world without undue delay.
By collaborating with the Charter of Trust, organizations are able to reap a number of benefits:
Security by Default is a principle that ensures that security is considered right from the start of the design of a product, a process or even a business model. The objective is to define critical cyber security requirements needed to deliver secure products, processes, services and business models in line with current standards and best practices. These must also be verifiable in order to provide assurance that the requirements are adequately met.
This principle is divided into three phases:
Phase 1: Products, Functionalities and Technologies
Phase 2: Processes, Operations and Architectures
Phase 3: Business Models
Find out more in the infographic below showcasing a list of 19 Security by Default features as defined by the Charter of Trust.