Skip to content
Highlights From This Episode…
- Bring up security early in the process. IT is often treated as an afterthought in AV.
- Assess the impact of each device being comprised.
- Consider access for each device. Who? How? Why? Least resource or least route?
- Consider if network connectivity is really needed for each device.
- Perform role-playing to get better perspective of what a malicious actor could do.
- Assess if users can accidentally cause a security breach, such as plugging in unknown USB sticks.
- VLAN headers can be spoofed and should not be considered a security mechanism.
- Close unused ports on all devices.
- Enable device logging and monitor the logs for suspicious activity.
- Consider messaging direction per device and disable a device’s ability to send or receive messages if not needed.
- Being able to demonstrate internal security practices may reduce liability should an incident arise. *This is not legal advice ?
- Create a culture of security awareness in your organisation through policies, training and compliance testing.
- Perform internal and possibly public code reviews.
- Track data check-in and check-outs.
- Incentivize reporting vulnerabilities through rewards programs.
- AV as a cyber target is increasing in popularity.
Mentioned In This Episode…