ISO 27001 Cybersecurity Management System

ISO 27001 provides businesses with effective cybersecurity against today’s threats.  In 2018 Microsoft notified nearly 10,000 customers that they had been targeted.  Most of these customers were businesses.  The Director of National Intelligence (DNI) has identified Russia, China, Iran, and North Korea as the nation-states responsible for most cyberattacks.  Other players include corporate competitors, organized crime, and company insiders.

What is the Nature of Cybersecurity Threats?

Microsoft Security Intelligence Report version 23 noted that cybersecurity breaches are often caused by simple methods like phishing.  Over-reliance on technological approaches therefore cannot adequately address the full nature of these threats.  Companies need a management-centered solution like ISO 27001 for their cybersecurity requirements.

These attacks are usually political or military in nature, or acts of industrial espionage.  China alone has been identified by the Department of Justice (DOJ) in attacks against Westinghouse Electric Company, Solar World, United States Steel Corporation, Allegheny Technologies Inc., Alcoa, and the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union.

Why ISO 27001?

ISO 27001 is an effective approach to cybersecurity because these threats require a coordinated, systematic response.  ISO 27001 requires a detailed assessment of vulnerabilities and potential impacts, which in turn allows appropriate risk treatment strategies to be implemented.

Because ISO 27001 institutes management review and auditing, it ensures that the organization stays attuned to the changing nature of cybersecurity threats.  It accomplishes this through a Plan-Do-Check-Act (PDCA) cycle.  The PDCA cycle establishes objectives and processes, implements them, assesses and measures their effectiveness, and provides corrective actions.

CVG Strategy

CVG Strategy ISO 27001 consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS).  We can do this because our team of experts has extensive experience and deep information security process control expertise.  CVG Strategy ISMS experts hold certifications as Exemplar Global ISO/IEC 27001:2013 Lead Auditors to ensure that you achieve ISO/IEC 27001 cybersecurity solutions on time and on budget.

FCC Approval Process Streamlined

The FCC approval process has been streamlined for unintentional radiators.  Most electronic devices create radio frequency (RF) energy.  This energy can interfere with other devices.  Intentional radiators are devices which communicate by way of radio frequencies (Bluetooth, Wi-Fi, radio).  Unintentional radiators create RF energy as a by-product of their power supplies and digital components.  These devices are therefore less likely to interfere with the communications of other devices.

Because the previous requirements were confusing and time consuming, the FCC’s streamlining of the approval process is a welcome relief to manufacturers of electronic products.

Supplier’s Declaration of Conformity (SDoC)

Previously the FCC required Verification and a Declaration of Conformity (DoC).  The new FCC approval process no longer requires Verification for unintentional radiators.  It now relies solely on the Supplier’s Declaration of Conformity (SDoC).  The SDoC consists of the following steps:

  • Electromagnetic Compatibility (EMC) testing must be performed that conforms to FCC compliance standards.
  • Preparation of a compliance information statement that includes product information, a list of the standards with which the product complies, and the identification of a responsible party in the United States or its territories.
  • The end user of the product must receive FCC approval compliance information in a paper or electronic user manual.
  • The device should be labeled.  The label should uniquely identify a product name, identification number and/or description.
  • An FCC label can be affixed, though it is not required.  An electronic label can be used for products with display capabilities.

CVG Strategy

Our experts at CVG Strategy have extensive experience in the FCC approval process.  We have the EMI/EMC experience to guide you through the requirements for both commercial and military products.  CVG Strategy can provide pretest analysis, thereby reducing EMI emission test failures and their resultant delays.  We also have expertise in environmental testing and evaluation across a number of industries and products.  CVG Strategy specializes in Independent Developmental Testing and Evaluation, including development of Life Cycle Environmental Profiles, test plans, test witnessing and troubleshooting.

CVG Strategy is a consultancy offering coaching, mentoring, training and program development focused on areas including Business Process Improvement, ITAR and Export Compliance, Cyber Security and Quality Management Systems.

ISO 27001 Prevents Cyberattacks – ISMS for Data Security

Implementing an ISO 27001 Information Security Management System (ISMS) prevents cyberattacks.  The Ponemon Institute, in a 2017 study, found that a typical firm experiences 130 security breaches each year.  Mitigating these breaches requires more than advanced IT practices; it requires a dedicated management system.  ISO/IEC 27001 is such a system.  It includes processes for human resource security, physical and environmental security, and dealing with information security incidents.

The Real Cost of Cyberattacks

The Cost of Malicious Cyber Activity to the U.S. Economy, released by the White House in February 2018, estimates that such attacks cost the U.S. economy between $57 billion and $109 billion in 2016.  Their real impact, however, can inflict damage that is difficult to assess or quantify in dollar amounts.  While most incidents are kept out of the public eye, a few attacks, like the one on Sony Pictures in November 2014, do make headlines.

How ISO 27001 Prevents Cyberattacks

Because ISO 27001 is configurable to your company’s requirements, it is an effective means of organizing data security.  It includes a complete process and involves all stakeholders in monitoring and preventing cyberattacks.  ISO 27001 also includes training to maintain a high state of awareness among all employees.

The security of data is not only of great concern to your organization; it is also of interest to your customers.  ISO 27001 certification shows that your company is a responsible partner that maintains an active interest in monitoring and mitigating cyberattacks.

CVG Strategy

CVG Strategy ISO 27001 consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS).  Our team of experts brings extensive experience and deep information security process control expertise (including Exemplar Global ISO/IEC 27001:2013 Lead Auditor certification) to ensure that you achieve ISO/IEC 27001 certification on time and on budget.

EMC Test Plans, A Requirement for Proper Testing

EMC test plans are important in preparing for your trip to the lab.  The test plan should communicate all relevant information about the nature of the system to be tested.  This allows the test lab to properly assess what is needed to complete testing: chamber size, number of antenna positions, number of cables to be tested, power requirements, and specific measurement and susceptibility equipment.

Equipment Function

Representative functionality is a requirement in EMC testing for both commercial and military applications.  The EMC test plan should include a description of all modes of operation.  The plan should also describe all peripheral equipment required to attain this functionality.  This information should include a description of normal operation so that behaviour during susceptibility testing can be evaluated against it.

Safety

The lab will need to know of any potential hazards posed by the equipment to be tested.  This allows precautionary measures to be put in place ahead of time.  Because susceptibility testing can produce unforeseen equipment malfunctions, the EMC test plan should also include shutdown procedures.

Requirements

Every standard has general requirements for EMC test plans.  These include product identification, description, power requirements, and cable requirements and descriptions.  Certain standards, like MIL-STD-461, have very detailed and specific additional requirements.  Understanding the testing to be performed and the applicable standards will therefore ensure that the data provided is complete.

Why Write an EMC Test Plan?

Preparing an EMC test plan provides the test lab with the data to properly assess compliance of your product.  It also provides the information the lab needs to create a viable EMC report, which is the necessary record of your product’s conformity to applicable requirements.

CVG Strategy

Our experts at CVG Strategy have extensive experience in EMI/EMC.  We can provide requirement analysis, write EMC test plans, perform test witnessing, and provide troubleshooting and analysis of EMI/EMC test failures.

We also have expertise in environmental testing and evaluation across a number of industries and products, both military and commercial.  CVG Strategy specializes in Independent Developmental Testing and Evaluation, including development of Life Cycle Environmental Profiles, test plans, test witnessing and troubleshooting.