This article has been indexed from CSO Online
In the guidance issued by the Cybersecurity and Infrastructure Security Agency (CISA) in April 2021 on securing one’s supply chain, a portion of the guidance was dedicated to the threat vector posed to entities during their design phase.
The question COOs should be asking their CISO’s is: “How can I make my product and processes the most secure and operate within acceptable risk parameters for the company and our customers?”
In many companies, both large and small, operations and production operate separately from information security. Some CISOs lack the recognition that the latter is the support element to the former. This dichotomy often creates friction and abrasive relationships when the situation calls for the exact opposite.
Read the original article: CISOs: Do you know what’s in your company’s products?