A free online environment where users can create, edit, and share electrical schematics, or convert between popular file
formats like Eagle, Altium, and OrCAD.
schematics.io
Find the IoT board you’ve been searching for using this interactive solution space to help you visualize the product selection
process and showcase important trade-off decisions.
transim.com/iot
Transform your product pages with embeddable schematic, simulation, and 3D content modules while providing interactive user
experiences for your customers.
transim.com/Products/Engage
AspenCore Network
A worldwide innovation hub servicing component manufacturers and distributors with unique marketing solutions
aspencore.com
SiliconExpert provides engineers with the data and insight they need to remove risk from the supply chain.
siliconexpert.com
Transim powers many of the tools engineers use every day on manufacturers' websites and can develop solutions for any company.
transim.com
150 comments on “Live Chat 12/10: Security & the Supply Chain”
Hailey Lynne McKeefry
December 6, 2013
Here's a little more information about our guest:
Steve Durbin is Global Vice President of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, Cyber security, Consumerization of IT, Big Data, outsourced cloud security, third party management and social media across both the corporate and personal environments.Durbin has considerable experience working in the technology and telecoms markets and was previously senior vice president at Gartner. As global head of Gartner's consultancy business he developed a range of strategic marketing, business and IT solutions for international investment and entrepreneurial markets. He has served as an executive on the boards of public companies in the UK and Asia in both the technology consultancy services and software applications development sectors.
Here's a little more informaiton abou the Information Security Forum:
Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.
ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.
We will be starting at 10:00 a.m. PST/1:00 p.m. EST sharp. First, though, there are two housekeeping notes:
First, please make a copy of your post before hitting the “post” button – just in case. If the system “eats” one of your carefully crafted thoughts, please hit “Ctrl-Z” to recover it.
Second, if you have problems posting, we suggest trying a different browser. IE9 is a popular choice, but sometimes find Firefox, Chrome, or Safari work better.
This will be a fun, fast, and friendly conversation, so please do not hold back with your comments or questions. There are no dumb questions and we value everyone's point of view.
Hi Steve, you're right on time! Welcome… pull up a chair and help yourself to some virtual gaucamole and chips. Everyone, steve's bio and some info on ISF are at the start of the chat. Steve, to get us started, what do you see as some of the biggest challenges for the supply chain today in terms of security?
Steve, I just saw a disturbing stat — More IT managers find it harder to enforce security policies in 2013 than in 2012, Is BYOD making this tougher or is it just a matter of lack of desire to push the enforcement?
For companies in manufacturing isn't securing the supply chain one of those situations where you want to ensure that your suppliers have all their T's crossed, but then you have to turn around and comply with the demands of the customers that you are supplying? Does that present any conflict in terms of security standards?
The kind of attacks tend to be theft of data, we see insider based attacks, its all about the data really since thats where the value lies and also about attacking the big company via one of the suppliers
@rodney for me enforcing policies are about winning hearts and minds – its about making sure that your policy is coauthored with the business and getting the business to enforce it not the security guy
@Steve: Thanks. So what are the benefits or trying to steal data from the supply chain, as opposed to typical attacks on a company network or DB? Is it a matter of stealing info to be sold later, or is a bit of corporate spying, trying to gain an edge?
Tech4people, why would better clarity make the policies harder to enforce? Maybe less of a need to enforce them, sure, but I don't see how it would make enforcement harder.
@Steve: Thanks. So what are the benefits or trying to steal data from the supply chain, as opposed to typical attacks on a company network or DB? Is it a matter of stealing info to be sold later, or is a bit of corporate spying, trying to gain an edge?
@hailey, absolutely, but this is where the security guys can relly make a difference, by working with business owners to understand what they're trying to achieve and then supporting that effort
@scott I'll give an example, say pharma, if you can steal the IP on new drugs before a patent is filed – and towards the end of the process before filing that info is shared with lawyers as well as research partners, then that can be a hefty cost and a massively attractive target
@tech4people: So it's all corporate esponiage at this point. Is it other companies, or does it involve nation states, such as China, where there's a history or trying to compromise IP for a competitive gain?
@scott to secure the supply chain we need to look beyond just the traditional partners and bring in our lawyers, accountants, the non traditionals – and they may be the weakest linkand so the easiest route for the cyber thief
@Scott, for electronics manufacturers, there's an additional and newly emerging threat–that malware makers try to get into the system so that their malware is loaded into the firmware of electronics products that connect to the internet–and so everyone who buys the product is infected and infects others. This one is less common but can you imagine the corporate PR nightmare that could ensue?
how do some of the other headline topics (I'm thinking of big data and internet of things, for example) shift the way supply chain organizations have to think about IT security?
@Steve to your point, phishing and other social engineering stuff is getting much more sophisticated as well. it's not suprising that many of these weak links fall for the lures.
@hailey big data = big issue – potentially! What I mean by this is that the biggest concern for me around big data is not the theft of information but the manipulation of data to cause big data analytics to come up with erroneous conclusiuons that take the business off course
@hailey correct, phishing is getting more and more sophisticated and keeping track of your second and third tier supliers becomes even more important – the further away from the source the more atractive to the cyber thief and the more difficult for the main enterprise to manage
@Steve, for supply chain users, i could see that being catastrophic. What you buy, from whom, how much, when it will arrive, there are so many variables that could be potentially manipulated. I”m sure there are many breaches of security that never make headlines.
@tech4people: Thanks for helping make that distinction. Have the issues regarding the NSA and it's ability to collect massive amount of information changed some of the conversation betweeen what China and India do and what the US can do?
@hailey yes, takes us onto the notion of how to effectively combat this and it is about collaboration, within the business and with other businesses across sectors and geographies
@jim O'R absolutely Jim and thats why the financial markets are so hot on monitoring – other imndustries are not at the same level of sophistication yet
Distortions could be subtle. Sentiment based forecasting is on the rise, and it's susceptible to someone jamming YouTube or Twitter with spurious hits.
Another issue of course is that many organisations focus only on managing info risk for a limited number of the most obvious – not necessarily the most risky – contracts
The thing that has me worried is the way that differeent types of data can be culled from different systems and be made into more valuable information (customer names and bank routing numbers, etc.) The big data craze has systems much more closely connected.
@michael s I'm thinking here of the traditional supply chain management approach which mostly done by procurement has tended to focus on risk by size of contract – so a $100m contract gets attention but IP which has no $ ticket – yet – would get missed
@Steve, what might be a proportionate response? is it about securing data, apps, systems, endpoints? What are the best practices from a technology standpoint?
Risk assessment is aboiut determining the potential impact of the loss of data to your organisation – you'll want to take into account geography yes but also the degree of maturity of your suppliers' security, their willingness to share info with you and to discuss security
@Michael, I know chrisrtmas isn't your gig…but guacamole and salsa are really festive. Start with the abstinence in the New Year… Besides, our virtual guac is very low cal. 🙂
@hailey yes its about all those things, but more about looking at the access points to those systems and ensuring that the basics are covered – the people awareness things are important too, its not just about technology and of course in many countries where supply chains extend, it can be a relatively low cost exercise to influence the people side to let you have info you would otherwise not have
Steve, It would be worth checking the riskiest transaction types out early in the process, independent of size. Often large amounts of fraud occur in small deals.
@Steve, the training piece is hard. everything i've seen and read has said that you have to make it part of the day to day business, by putting it in people's job descriptions (to protect corproate assets including data and systems); to do regular trainings, mention it in meetings, even put signs up on the wall (Don't share your password). the problem is that the cybercriminals have unlimited attempts and only need one mistake
Hailey, another troubling stat I saw — 53% of companies conduct security tranining only yearly, and 14% only do it “ad hoc” — when someone screws up, basically.
@hailey, that's right, there were some stats I saw around phishing that said that I think if you received the same phishing email twice or three times you were more inclined to click and open it to find out what it was all about than if you only received it once – I love my spam filter and junk mailbox!
Training only goes so far. The pace of operations often puts security on a back burner, especially if people develop a high level of comfort in relationships.
@Rodney, and the really scary thing is that there's no telling what that 53 percent are calling “annual security training”. it might be a ten minute video or an email reminder.
@jim spot on jim, that's why I'm a fan of embedding security in the business – put a security guy out with the business teams so that security understands what is going on and can provide advice and guidance constructively and in a timely way
Security can be built in to operations. Financial companies look fro behavioural trends with traders, as well as changes in trading pattern. It's sophisticated, but it can trap problems early.
I just came out of a meeting where we discussed some points very relevant here: Security isn't just an internal matter. Partner security impacts your security. The nuclear power plant doesn't have to just worry about its own security; it has to worry about the security at its catering company.
I'm going to draw us to a close, but thank you very much for coming by Steve! We're glad to have you come anytime. And thanks everyone for asking some great questions.
Good supply chain info risk mamangement needs to be integrated with vendor management and based on a follow the information approach – I'll leave you with that thought!
You must verify your email address before signing in. Check your email for your verification email, or enter your email address in the form below to resend the email.
Please confirm the information below before signing in.
{* #socialRegistrationForm *}
{* firstName *}
{* lastName *}
{* displayName *}
{* emailAddress *}
By clicking "Sign In", you confirm that you accept our terms of service and have read and understand privacy policy.
{* /socialRegistrationForm *}
Registration
Please confirm the information below before signing in. Already have an account? Sign In.
AspenCore Network
News the global electronics community can trust
The trusted news source for power-conscious design engineers
Supply chain news for the electronics industry
The can't-miss forum engineers and hobbyists
Product news that empowers design decisions
Design engineer' search engine for electronic components
The electronic components resource for engineers and purchasers
The design site for hardware software, and firmware engineers
Where makers and hobbyists share projects
The design site for electronics engineers and engineering managers
The learning center for future and novice engineers
The educational resource for the global engineering community
Where electronics engineers discover the latest toolsThe design site for hardware software, and firmware engineers
Circuit simulation made easy
Brings you all the tools to tackle projects big and small - combining real-world components with online collaboration
Hardware design made easy
A free online environment where users can create, edit, and share electrical schematics, or convert between popular file formats like Eagle, Altium, and OrCAD.
Find the IoT board you’ve been searching for using this interactive solution space to help you visualize the product selection process and showcase important trade-off decisions.
Transform your product pages with embeddable schematic, simulation, and 3D content modules while providing interactive user experiences for your customers.
A worldwide innovation hub servicing component manufacturers and distributors with unique marketing solutions
SiliconExpert provides engineers with the data and insight they need to remove risk from the supply chain.
Transim powers many of the tools engineers use every day on manufacturers' websites and can develop solutions for any company.
Here's a little more information about our guest:
Steve Durbin is Global Vice President of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, Cyber security, Consumerization of IT, Big Data, outsourced cloud security, third party management and social media across both the corporate and personal environments.Durbin has considerable experience working in the technology and telecoms markets and was previously senior vice president at Gartner. As global head of Gartner's consultancy business he developed a range of strategic marketing, business and IT solutions for international investment and entrepreneurial markets. He has served as an executive on the boards of public companies in the UK and Asia in both the technology consultancy services and software applications development sectors.
Here's a little more informaiton abou the Information Security Forum:
Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.
ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.
Excited about the chat in one hour! Should be interesting, especially for those of us in the retail sector.
I hope to make it.Kinda late for my time!
Thanks, Jennifer!
Hang in there, @tech4people. Only 20 minutes until we start!
@Hailey-I hope so!
Feel free to font load thoughts or questions while we wait.
The Thing about Supply Chain Security is that its a topic which hardly anyone is prepared to deal with currently.
I mean how can you monitor/police such a disparate chain of events in one place?
If it was easy when everything was in one place but now that we have everything spread all over the Globe what are you going to do about it?
@tech4people, it's certainly more about mitigation than total security.
We will be starting at 10:00 a.m. PST/1:00 p.m. EST sharp. First, though, there are two housekeeping notes:
First, please make a copy of your post before hitting the “post” button – just in case. If the system “eats” one of your carefully crafted thoughts, please hit “Ctrl-Z” to recover it.
Second, if you have problems posting, we suggest trying a different browser. IE9 is a popular choice, but sometimes find Firefox, Chrome, or Safari work better.
This will be a fun, fast, and friendly conversation, so please do not hold back with your comments or questions. There are no dumb questions and we value everyone's point of view.
Questions, theories, ideas, real world experiences and even friendly rants are welcome here.
And always, please announce your arrival so we can give you a warm EBN welcome and offer you some virtual guacamole. 🙂
Hi Hailey, Hi everyone, this is Steve, thanks for inviting me along to the chat
Hi Steve, you're right on time! Welcome… pull up a chair and help yourself to some virtual gaucamole and chips. Everyone, steve's bio and some info on ISF are at the start of the chat. Steve, to get us started, what do you see as some of the biggest challenges for the supply chain today in terms of security?
Thats a tricky one to start us off
Biggest challenges have to be really understanding who is in your chain, what info you're sharing and then what the 3rd parties are doing with it
So many organisations have multiple tiers of suppliers that keeping track can be difficult
@Steve, we ask the hard questions here. 🙂
Keep em coming 🙂
Hi, Hailey
I know many organizations try to create security policies and push them through the supply chain. What are the elements of a good security policy?
Howdy all.
Sharing with suppliers is essential, yet increases the risk of that information being compromised
Hi everyone. Happy holidays.
Before starting on the policy its about understanding the risk appetite you have in the organisation
@Jim, glad to have you with us! We've got fresh guacamole on the table in the back. Help yourself!
@Rodney, glad you could make it! Pull up a chair and have some guac.
Hey Scott, happy holidays… Steve says he's ready for our hardest questions on security. so don't hold back. 🙂
Then you need to make the policy practical, focused and relevant to your business – and of course understandable from the supplier side
Maybe this was asked before, but I wanted to see what the most common types of attack on the supply are? Are there ones we see over and over again?
Having done that, you're ready to start!
Steve, I just saw a disturbing stat — More IT managers find it harder to enforce security policies in 2013 than in 2012, Is BYOD making this tougher or is it just a matter of lack of desire to push the enforcement?
@Hailey-Absolutely Threat Mitigiation is extremely crucial
For companies in manufacturing isn't securing the supply chain one of those situations where you want to ensure that your suppliers have all their T's crossed, but then you have to turn around and comply with the demands of the customers that you are supplying? Does that present any conflict in terms of security standards?
The kind of attacks tend to be theft of data, we see insider based attacks, its all about the data really since thats where the value lies and also about attacking the big company via one of the suppliers
@Rodney-I have a feeling its because these things are becoming crystal clear and more transparent today.
@rodney for me enforcing policies are about winning hearts and minds – its about making sure that your policy is coauthored with the business and getting the business to enforce it not the security guy
@Rodney-Otherwise one would have seen BYOD isues getting totally sidelined and sorted out by now.
@Steve, “practical, focused and relevant to your business” I suspect easy to say and hard to do…. and then you have policy enforcement on top of htat.
@Steve: Thanks. So what are the benefits or trying to steal data from the supply chain, as opposed to typical attacks on a company network or DB? Is it a matter of stealing info to be sold later, or is a bit of corporate spying, trying to gain an edge?
Tech4people, why would better clarity make the policies harder to enforce? Maybe less of a need to enforce them, sure, but I don't see how it would make enforcement harder.
@Steve: Thanks. So what are the benefits or trying to steal data from the supply chain, as opposed to typical attacks on a company network or DB? Is it a matter of stealing info to be sold later, or is a bit of corporate spying, trying to gain an edge?
@Hailey-Its always about the people.Its the people who make it hard to do something usually.
(Quick commercial: EBN's most recent Velocity e-mag just tackled the topics we are discussing now, so take a read: http://dc.ubm-us.com/i/207639)
How much of a threat is DDOS for the companies you deal with?
@hailey, absolutely, but this is where the security guys can relly make a difference, by working with business owners to understand what they're trying to achieve and then supporting that effort
@Scott-Its all about Individual IP.
@Tech4people, the golden triad for me: people, processes and technology. You gotta have them all to succeed.
@scott I'll give an example, say pharma, if you can steal the IP on new drugs before a patent is filed – and towards the end of the process before filing that info is shared with lawyers as well as research partners, then that can be a hefty cost and a massively attractive target
@tech4people: So it's all corporate esponiage at this point. Is it other companies, or does it involve nation states, such as China, where there's a history or trying to compromise IP for a competitive gain?
@scott to secure the supply chain we need to look beyond just the traditional partners and bring in our lawyers, accountants, the non traditionals – and they may be the weakest linkand so the easiest route for the cyber thief
@Scott, for electronics manufacturers, there's an additional and newly emerging threat–that malware makers try to get into the system so that their malware is loaded into the firmware of electronics products that connect to the internet–and so everyone who buys the product is infected and infects others. This one is less common but can you imagine the corporate PR nightmare that could ensue?
@tech4people yes IP theft for competitive gain is a biggy
@Steve: An interesting point. Has the supply chain been particuarly weak when it comes to this type of cyber security?
how do some of the other headline topics (I'm thinking of big data and internet of things, for example) shift the way supply chain organizations have to think about IT security?
@Scott-With China it tend sto get Institutionalized(at the Nation-State Level).With India,its more at the Individual Level(Hired Guns so to speak).
@scott I'm seeing very much more interest these days from the “professions” in terms of them having to address their security than before
@Steve to your point, phishing and other social engineering stuff is getting much more sophisticated as well. it's not suprising that many of these weak links fall for the lures.
@hailey big data = big issue – potentially! What I mean by this is that the biggest concern for me around big data is not the theft of information but the manipulation of data to cause big data analytics to come up with erroneous conclusiuons that take the business off course
@SteveDurbin, that's a huge issue with retail.
@steve-That is Good news.
Steve. Have you seen that big data manipulation happen in real life yet? Or is it still in the “possible” class?
@hailey correct, phishing is getting more and more sophisticated and keeping track of your second and third tier supliers becomes even more important – the further away from the source the more atractive to the cyber thief and the more difficult for the main enterprise to manage
@Steve, for supply chain users, i could see that being catastrophic. What you buy, from whom, how much, when it will arrive, there are so many variables that could be potentially manipulated. I”m sure there are many breaches of security that never make headlines.
@jimc not seen anyone prepared to publicly admit – doesnt mean its not happened 🙂
@tech4people: Thanks for helping make that distinction. Have the issues regarding the NSA and it's ability to collect massive amount of information changed some of the conversation betweeen what China and India do and what the US can do?
@jimC, great question.
@hailey yes, takes us onto the notion of how to effectively combat this and it is about collaboration, within the business and with other businesses across sectors and geographies
I fear that businesses could rely so much on data that there is no one doing a common sense, reality check on the numbers.
@Hailey-Absolutely.which is why most don't even want to think about Supply Chain Security.
Steve I'm not sure a Big Data distortion would be detectable. The stock markets come to mind, You can make millions from a transient event.
@tech4people NSA has changed lots of conversations 🙂 Assume they have a view… well, don't be shy guys…!!!
@jbosavage. glad you stopped by. Guacamole and chips are on the table in the back. still plenty to go around.
So you get a figure for 100,000 t-shirts, but it should be 50,000. A casual observer might not detect the error.
@jim O'R absolutely Jim and thats why the financial markets are so hot on monitoring – other imndustries are not at the same level of sophistication yet
And the data can be manipulated from the inside, as well as outside intrusion, sadly.
@jbosavage-That would be brutal.
Distortions could be subtle. Sentiment based forecasting is on the rise, and it's susceptible to someone jamming YouTube or Twitter with spurious hits.
Another issue of course is that many organisations focus only on managing info risk for a limited number of the most obvious – not necessarily the most risky – contracts
So, it becomes a real toughie to spot
@jbosavage-Outsider Intrusions are easier to detect and monitor ;its the inside ones which are more worrying.
The thing that has me worried is the way that differeent types of data can be culled from different systems and be made into more valuable information (customer names and bank routing numbers, etc.) The big data craze has systems much more closely connected.
@Steve, what sort of questions should OEMs and distributors be asking to figure out the riskiest items to focus on?
The key to managing info risk in the supply chain is to employ an info-led, risk based approach
Some of the big fraud cases were insiders manipulating data trends. Barings comes to mind.
@SteveD, It does, but the human touch therefore, oddly, becomes desirable.
@tech4people, insider threat is a big deal, whether the insider is malicious or ignroant.
@Steve – what are some examples of a 'most obvious' contract not being the most risky?
@Jim, glad you could make it… pull up a chair.
@Steve – what are some examples of a 'most obvious' contract not being the most risky?
@Hailey: Are the people taking the data able to create a picture from all these different parts? Do you need a certain skill set to assemble it all?
Humans can make judgments or at least call odd figures into question
@jbos Doesn't it always
Data scrubbing and reasonability checking look like huge SaaS opportunities
Sorry for the repeat, everyone.
Overcoming some of the challenges is about identifying the info shared with suppliers and quantifying the risk to determine a proportionate response
Hey Michael, welcome to the conversational fray! Glad you could be here. Have some guacamole.
@Hailey-complications can be endless,if you do so.
WHat factors go into risk assessment? Geographic location? Security of the suppliers' systems?
@michael s I'm thinking here of the traditional supply chain management approach which mostly done by procurement has tended to focus on risk by size of contract – so a $100m contract gets attention but IP which has no $ ticket – yet – would get missed
@Steve, what might be a proportionate response? is it about securing data, apps, systems, endpoints? What are the best practices from a technology standpoint?
Thanks, Hailey! I'm trying to cut down on the guac, though.
@MIchael-Factor No.1 Is Employees.Factor No.2 is Technology involved.
Thanks, Tech4people.
Risk assessment is aboiut determining the potential impact of the loss of data to your organisation – you'll want to take into account geography yes but also the degree of maturity of your suppliers' security, their willingness to share info with you and to discuss security
@Michael, I know chrisrtmas isn't your gig…but guacamole and salsa are really festive. Start with the abstinence in the New Year… Besides, our virtual guac is very low cal. 🙂
@Steve – is it wisest to set up security procedures across the organization and apply them equally across all suppliers?
Hailey, you've twisted my arm. It's delicious.
Good Food ALWAYS ROCKS!
@hailey yes its about all those things, but more about looking at the access points to those systems and ensuring that the basics are covered – the people awareness things are important too, its not just about technology and of course in many countries where supply chains extend, it can be a relatively low cost exercise to influence the people side to let you have info you would otherwise not have
@michael s I'd say not, that's a bit like trying to boil the ocean – I'd say look at it in bite sized chunks
What I mean by that is start with the information – whats the most important and critical to the business
Then track that info flow across suppliers, that'll identify where you need to focus yoir efforts
bite-size based on risk profile, though
Work with those supplers and identify the ones “at risk” – could be down to geography, could be that they dont have the most robust systems in place
Ane then start from there – its more manageable
Steve, It would be worth checking the riskiest transaction types out early in the process, independent of size. Often large amounts of fraud occur in small deals.
Bite-size based on risk profile, right
that makes a lot of sense – let the data path indentify the riskiest links
@jim good point jim, I agree, some of the most damaging have been the small frauds which add up
@Steve, the training piece is hard. everything i've seen and read has said that you have to make it part of the day to day business, by putting it in people's job descriptions (to protect corproate assets including data and systems); to do regular trainings, mention it in meetings, even put signs up on the wall (Don't share your password). the problem is that the cybercriminals have unlimited attempts and only need one mistake
Also can be the most difficult to detect
We are past the half hour mark…so dear guests, its time to get your last questions in. Steve, thoughts that you haven't had a chance to share?
Hailey, another troubling stat I saw — 53% of companies conduct security tranining only yearly, and 14% only do it “ad hoc” — when someone screws up, basically.
@hailey, that's right, there were some stats I saw around phishing that said that I think if you received the same phishing email twice or three times you were more inclined to click and open it to find out what it was all about than if you only received it once – I love my spam filter and junk mailbox!
Training only goes so far. The pace of operations often puts security on a back burner, especially if people develop a high level of comfort in relationships.
Awareness is a biggy, we've said it for years and we'll continue to say it for many more to come
@Rodney, and the really scary thing is that there's no telling what that 53 percent are calling “annual security training”. it might be a ten minute video or an email reminder.
@jim spot on jim, that's why I'm a fan of embedding security in the business – put a security guy out with the business teams so that security understands what is going on and can provide advice and guidance constructively and in a timely way
and patching! Don't get me started about the need to patch applications and OSes regularly and with alacrity.
Security can be built in to operations. Financial companies look fro behavioural trends with traders, as well as changes in trading pattern. It's sophisticated, but it can trap problems early.
Sorry, folks – I have to jump off. Thanks for the insight!
I just came out of a meeting where we discussed some points very relevant here: Security isn't just an internal matter. Partner security impacts your security. The nuclear power plant doesn't have to just worry about its own security; it has to worry about the security at its catering company.
@Steve, that would be an idea world with security close to the business. Let's hope people listen to you!
@mitch – that's right Mitch and also the provider of paper and and and
Hey Mitch, good to have you with us. That's a critical comment that you are making! your partners mistkae can be your downfill.
@hailey I'm on a mission… 🙂
@Steve, and EBN is glad to provide the forum for your mission! I'm right there with you!
@ glad to know I'm in good company – and there's plenty of guac to go round too 🙂
I'm going to draw us to a close, but thank you very much for coming by Steve! We're glad to have you come anytime. And thanks everyone for asking some great questions.
Good supply chain info risk mamangement needs to be integrated with vendor management and based on a follow the information approach – I'll leave you with that thought!
@hailey thanks for having me, been fun, see you all soon
Preach it!
Hello,
Looking for a solution for antishoplifting that can work for small items such as rings and accessories.
Please advise
Jawad
nice post