With an ever-growing number of cyber threats endangering users’ privacy and data, organisations must ensure they are consistently choosing secure and verifiable technologies. Customers are responsible for evaluating the suitability, security and risks associated with acquiring and operating a digital product or service. However, it is important that customers increasingly demand that manufacturers embrace secure-by-design and secure-by-default principles and provide products and services built on them. In this way, customers can increase their resilience, reduce their risks, and lower the costs associated with patching and incident response.
When an organisation has determined a need to procure a digital product or service, it must consider whether the product or service is secure and whether that security will be maintained throughout its specified lifecycle. Proactive integration of security considerations into the procurement process can assist in managing and significantly mitigating risks and in reducing costs. While procuring organisations should endeavour to ask as many of the questions recommended in this paper as possible, it may take time for manufacturers to adapt their behaviours and practices to answer all of these questions. Ultimately, procuring organisations must ensure they have gathered sufficient information to make an informed decision.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the following international partners provide the recommendations in this guide as a roadmap for choosing secure and verifiable technologies:
- Canadian Centre for Cyber Security (CCCS) – Canada
- Cybersecurity and Infrastructure Security Agency (CISA) – United States
- National Cyber Security Centre (NCSC-UK) – United Kingdom
- National Cyber Security Centre (NCSC-NZ) – New Zealand