Key Considerations for a New Reality
To effectively implement the policies, frameworks, standards and guidelines that will be formulated as part of the execution of the order, top management should seek answers to key questions in each of the three areas in order to understand the current state and the gaps:
Software Supply Chain Security
- What are the critical business processes across the supply chain?
- Do we know how our suppliers and partners are managing cyber supply chain risks for the products and services we acquire?
- How do we ensure that the vendors stay current on emerging vulnerabilities? What are the vendor capabilities to address new “zero day” vulnerabilities?
- Is the vendor’s software/hardware design process documented? Is it repeatable and measurable?
- How do we continuously monitor supply chain processes for compliance to standards and address issues?
- How do we ensure that suppliers communicate threats, vulnerabilities and mitigation actions, and regularly provide status updates?
- Have we deployed an inventory of cloud services?
- How do we ensure that service providers comply with the cloud-services governance framework?
- How do we assess or implement zero-trust architecture when migrating to cloud technology?
- How do we identify requirements for, and adopt, multi-factor authentication and encryption of data?
- How and when do we assess the security of cloud services?
- How do we monitor, identify, and quickly respond to emerging cyber threats and prevent cyber incidents?
Improve Cyber Defense
- How do we identify cyber vulnerabilities and defend our system and functions from cyber incidents?
- How do we ensure we have created a threat database, kept it current and shared it with other government agencies and departments?
- How do we effectively implement the playbook to respond to cyber incidents and provide information to the Cyber Safety Review Board if an incident occurs?
- How do we incorporate cyber resilience in the fabric of digital care and data privacy elements?
- How is cyber risk management integrated into procurement and the day-to-day operations process?
- How do we improve our detection, analysis and response capabilities for cyber incidents?
Strategies to Improve Cybersecurity Posture
Consider developing a strategy that helps close the gaps identified in your supply chain security, your current cybersecurity structure, and your cyber defense mechanisms. People, process, and technology play a critical role in building cyber resilience and improving your cybersecurity posture. The following are points you could consider: