Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/1401409
46 AUGUST/SEPTEMBER 2021 www.vanguardcanada.com THE LAST WORD cess to restricted areas. For example, entries and exits must be continuously guarded and access controls and visitor registration must be logged and stored. Some areas may require continuous surveillance, even using guards to secure the facility and sur- roundings. Protecting data transfer within the supply chain Data transfer in the supply chain network must be protected by security protocols, utilizing encryption methods and authen- tication. Sub-suppliers and partners need to maintain a high level of information se- curity, to mitigate risks of any gaps in the supply chain. Having a systematic approach to identify and manage sensitive company information is critical. This system should include people, processes, IT systems, and physical locations, and should comply with ISO 27001 and the General Data Protec- tion Regulation (GDPR). This will im- prove awareness and enable effective risk management. From a personnel perspective, employees can often represent a significant cyberse- curity risk and are often on the front line of attacks. This risk can be mitigated by empowering and educating employees to ensure they have a high level of informa- tion security awareness. Implementing a training programme that frequently up- dates employees on threats and tactics is invaluable to helping protect the organiza- tion from attacks, and should be present at every company within the supply chain. Maintaining integrity at the product level As expected, surveillance products must function as designed and intended, with consistent integrity. This can be achieved if the product's hardware and firmware are successfully protected from unauthorized change or manipulation during the prod- uct's journey through the supply chain. Starting with component materials, trace- ability – which includes the material han- dling process – always ensures the status, revealing any deviations that could com- promise quality and signal tampering. Suppliers and manufacturing partners are required to maintain a traceability system for produced batches, from incoming ma- terial to the finished component. During production, the physical component will undergo multiple tests, verifying confor- mance and highlighting any deviations. It isn't just the security of devices themselves that needs to be assessed. A secure software development lifecycle (SDLC) must be demonstrated to show that software is be- ing developed with cybersecurity in mind. This helps to minimize the end customer's exposure to vulnerabilities and if these do occur, a clear process of how vulnerabilities in components are identified, communicat- ed, and patched must be established. Robust security at every stage As new cybersecurity threats emerge, it's worth investing time to evaluate and un- derstand every step in the production process where vulnerabilities could occur. Introducing more transparency within the supply chain will help alleviate worries, build trust and also create a dialogue be- tween organizations and their entire sup- plier network. This will ensure that pro- cesses are robust and repeatable, thereby holding every party to the same cyberse- curity standard and ensuring consistency. A regular assessment and auditing process will pay dividends in maintaining high- quality products and protecting sensitive data from falling into the wrong hands. This blog was originally published on June 8, 2021, on Axis.com and republished here with permission. Wayne Dorris is a Regional Architecture & Engineering Manager for Axis Communi- cations in the northeastern, mid-Atlantic and southeastern United States. He is re- sponsible for managing field operations for the Axis A&E program and fostering col- laborative relationships with architectural, engineering, and professional security con- sultants who design and specify IP-based security systems. Mr. Dorris serves as the technical liaison for Axis design tools, leads program marketing, and provides applica- tion support to individuals and organiza- tions that influence product selection for their clients. Mr. Dorris has 25 years of experience in the security industry, includ- ing a dozen years in regional and senior management positions dedicated to field implementation of A&E programs. Prior to joining Axis, Mr. Dorris held the posi- tion of applications and field sales engineer for other security manufacturers. He also served eight years as the technical security director for a major fortune 150 company. Mr. Dorris is an active member of ASIS. Data transfer in the supply chain network must be protected by security protocols, utilizing encryption methods and authentication. Sub-suppli- ers and partners need to maintain a high level of information security, to mitigate risks of any gaps in the supply chain.