A/67/167
I. Introduction
1.
By paragraph 3 of its resolution 66/24, the General Assembly invited all
Member States, taking into account the assessments and recommendations contained
in the report of the Group of Governmental Experts on Developments in the Field of
Information and Telecommunications in the Context of International Security
(A/65/201), to continue to inform the Secretary-General of their views and
assessments on the following questions:
(a)
General appreciation of the issues of information security;
(b) Efforts taken at the national level to strengthen information security and
promote international cooperation in that field;
(c)
The content of the concepts mentioned in paragraph 2 of the resolution;
(d) Possible measures that could be taken by the international community to
strengthen information security at the global level.
2.
Pursuant to that request, on 16 February 2012, a note verbale was sent to
Member States inviting them to provide information on the subject. The replies
received are contained in section II below. Any additional replies received will be
issued as addenda to the present report.
II. Replies received from Governments
Colombia
[Original: Spanish]
[21 May 2012]
The use of information and communications technology has undoubtedly
brought about significant changes and benefits to our countries. Nevertheless, these
technological advances have also increased the use of technology for criminal
purposes around the world, which highlights the need to adopt urgent measures and
controls that can protect the State from these new threats.
Increased criminal capacity in cyberspace and the use of new technologies to
generate computer threats are common concerns for all countries, given that they
have a significant impact on information security, in both the public and private
spheres, including civil society, highlighting the need to implement the necessary
security protocols and policies strictly in order to establish controls that can protect
the State and its critical infrastructure from these new threats.
In this context, in 2005 Colombia developed the ISO/IEC 27001 standard,
conceived as a management system covering the policies, organizational structure,
procedures, processes and resources needed to implement information security
management. The aim is to implement quality standards such as the code of best
practices and control objectives contained in ISO/IEC 17799, which focuses on
safeguarding confidentiality, integrity and availability, as defined below:
• Confidentiality: preventing information from being used by unauthorized
individuals or processes.
2
12-43414