Choosing Secure and Verifiable Technologies

With an ever-growing number of cyber threats endangering users’ privacy and data, organisations must ensure they are consistently choosing secure and verifiable technologies.

Customers have the responsibility for evaluating the suitability, security and risks associated with acquiring and operating a digital product or service. However, it is important that customers increasingly demand manufacturers embrace and provide products and services that are secure-by-design and secure-by-default. In this way, consumers can increase their resilience, reduce their risks, and lower the costs associated with patching and incident response.

When an organisation has determined a need to procure a digital product or service, it must consider whether the product or service is secure and that security will be maintained throughout its specified lifecycle. Inadequate or poor security may expose organisations to increased and possibly unmanageable risks, as well as higher operational costs. Proactive integration of security considerations into the procurement process can assist in managing and significantly mitigating risks and reducing costs.

While procuring organisations should endeavour to ask as many of the questions recommended in this paper as possible, it may take time for manufacturers to adapt their behaviours and practices to answer all of these questions. Ultimately, procuring organisations must ensure they have gathered sufficient information to make an informed decision.

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the following international partners provide the recommendations in this guide as a roadmap for choosing secure and verifiable technologies:

• Cybersecurity Infrastructure Security Agency (CISA)
• Canadian Centre for Cyber Security (CCCS)
• United Kingdom’s National Cyber Security Centre (NCSC-UK)
• New Zealand’s National Cyber Security Centre (NCSC-NZ)

This paper is written for:

Organisations who procure and leverage digital products and services. Otherwise referred to as procuring organisations, purchasers, consumers and customers in this paper. Manufacturers of digital products and services.
Key personnel who should read this guidance include, but are not limited to, organisation executives, senior managers, cyber security personnel, security policy personnel, product development teams, risk advisers and procurement specialists.

Download Paper

If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:

By email:
secretary@iisf.ie

By post:

David Cahill

Information Security

GPO, 1-117
D01 F5P2

Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland

Forum SPONSORS 

Invitations for Annual Sponsorship of IISF has now reopened.

(your logo & profile link here)

Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more