From: InfoSec News (alerts infosecnews.org)
Date: Mon Nov 09 2009 - 00:43:27 CST
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221600499
By J. Nicholas Hoover
InformationWeek
November 7, 2009
(From the November 9, 2009 issue)
Security pros draw a line at the firewall--what happens "out there"
might be beyond their control, but a secure perimeter is intended to
protect the data and systems within. That view, however, fails to take
into account the role of developers, vendors, customers, users, and
others along the supply chain of IT systems, hardware, and software
coming into the enterprise. A new school of practice advocates a more
encompassing approach to security that leaves none of those touch points
unchecked.
It's called the cybersecurity supply chain, and, as it sounds, it
applies the principles of supply chain management--product assembly and
acquisition, data sharing among partners, governance, and more--to the
security of IT systems and software. "Organizations need to realize that
their borders are porous," says Jim Lewis, director and senior fellow of
the Center for Strategic and International Studies' technology and
public policy program. "We're no longer living behind a moat. It's not
just how secure you are, but how secure the people you connect with are
as well."
What comprises a cyber supply chain? Researchers at the University of
Maryland's Robert H. Smith School of Business and the IT services firm
SAIC, in a white paper published in June, define it as "the mass of IT
systems--hardware, software, public, and classified networks--that
together enable the uninterrupted operations" of government agencies,
public companies, and their major suppliers. "The cyber supply chain
includes the entire set of key actors and their organizational and
process-level interactions that plan, build, manage, maintain, and
defend this infrastructure."
Foreign nations already are carrying out supply chain attacks on IT
systems belonging to the U.S. government, according to a presentation by
Mitch Komaroff, director of the Department of Defense CIO's
globalization task force. A simple example is hardware being delivered
with malware installed. In the private sector, financial firms have
become regular targets. These two sectors are also the most aggressive
in looking at ways to fight the problem.
[...]