Data Security Guide v2

PHASES OF SUPPLY CHAIN CYBER SECURITY

1. FORTIFY YOUR DEFENSE

• Recognize this isn’t just an IT problem – it includes sourcing, vendor management, supply chain continuity and quality, and transportation security.
• Assume your systems will be breached and develop strategies to mitigate the risk and intrusion.
• Accept the human factor. Breaches often begin with error.
• Connect cybersecurity and physical security as equal strategies.

Also: Add security requirements to RFPs and contracts; establish and enforce protocol for hardware/software procedures; use security handshakes for software and hardware.

2. ATTACK CYBER SECURITY PROACTIVELY

• Monitor and enforce cybersecurity with suppliers’ and developers’ processes.
• Maintain a proactive network security policy.
• Send security teams to approved vendors’ sites.
• Track and trace provenance of all parts, components and systems.

Also: Monitor and block unusual IP traffic; tightly control purchases using approved vendors; support legacy and end of life products and platforms; employ resolution plans.

3. MANAGE PROCESSES AND CONTROLS

• Develop an information security management system (ISMS) based on ISO 27000 accredited practices.
• Examine information security risks, taking account of threats, vulnerabilities and impacts.
• Implement a comprehensive suite of information security controls and risk management practices.

Adopt an overarching management process that ensures information security controls continue to meet the organization’s information security needs.

Source: National Institute of Standards and Technology, International Standards Organization, Transportation Insight
