One field-tested security strategy for information systems and digital content is to address the problem through processes, people and technology. On the process front, all companies involved in the production of digital IP should, by now, be adhering to a proven information security framework that fully addresses supply chain risks. That includes making sure your digital IP is protected at all times, even during post-production (or maybe we should say especially during post-production, given recent incidents).
Fortunately, there is a ready-made cybersecurity framework that companies can use, at no charge, thanks to the US federal government, which has done some sterling work in this area, namely the NIST Cybersecurity Framework.
The current version is a great way to get a handle on your organization’s cybersecurity, and the next version, currently in draft, goes even deeper into the need to maintain cybersecurity throughout the supply chain. For that reason, the draft is worth quoting at length:
“The practice of communicating and verifying cybersecurity requirements among stakeholders is one aspect of cyber supply chain risk management (SCRM). A primary objective of cyber SCRM is to identify, assess and mitigate “products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cyber supply chain.”
Leave your comments below or contact us for discussions.