Known as icode, the code of practice will provide network-level information security protection for end users, ISPA said in a release.
The icode is expected to contain four main elements: notification/management system for compromised computers, standardized information resource for end users, resources for ISPs to access the latest threat information, and a mechanism that reports serious threats to national security agencies to facilitate a national high-level view of attack status.
“The problem we now face as an industry is the sophistication of attacks on end-user computers. Scanning at the network level by ISPs can provide an early warning to users when the user may be completely unaware there’s a problem with their computer”, said ISPA spokesperson Ant Brooks.
Brooks noted that protections have been included to guard the privacy of end users. “The network level scanning that allows ISPs to detect signs of infected machines does not in any way involve looking at what users are themselves doing online. On the contrary, the scheme is designed to reduce the incidence of the single biggest threat to end-user privacy – the presence of malware which can steal personal information and relay it to criminals overseas.”
The initiative was welcomed by the banking sector in particular. “South Africa’s banks are committed to educating consumers about online security, and constantly review security measures to offer South African Internet users as safe an online banking experience as possible,” says Kalyani Pillay, chief executive offer of the South African Banking Risk Information Centre. The banking industry "welcomes the launch of the icode project and is encouraged by the commitment of ISPs towards assisting their customers with the security of their computers and their personal information", she added.