Tag Archives: Cybersecurity

Cybersecurity Acronyms

As with any industry, there are a slew of acronyms that are used. Cybersecurity is no different. To completely understand the standards and best practices for cybersecurity, you must understand the various groups and terminology being used.

Tyco Security Products Cyber Protection Program

Developed over five years from providing critical solutions to the U.S. Government and other multi-national customers, Tyco Security Products Cyber Protection Program is one of the first in the industry to offer a holistic, six-part approach to cyber security for physical security products. We have effectively worked with government agencies to meet the appropriate standards and validations. Below is an explanation of many of the various cyber security groups and common terminology used.

FIPS

Federal information Processing Standards (FIPS) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with agencies.

Having a FIPS validation ensures that encryption completed properly. Test results are validated by the United States National Institute of Standards and Technology (NIST), yet another acronym.

FISMA

The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against threats.  View the Tyco Security Products FISMA-ready configuration guidelines. These guidelines apply to Software House CCURE 9000 and American Dynamics victor video management system (VMS) software and VideoEdge network video recorders.

NERC

The North American Electric Reliabilty Corporation (NERC) is a non-profit organization that works with all stakeholders to develop standards for power system operation, monitoring and enforcing compliance with those standards.

NERC CIP

NERC Critical Infrastructure Protection (CIP) is 9 standards and 45 requirements covering the security of electronic perimeters and the protection of critical cyber assets as well as personnel and training, security management and disaster recovery planning. View the Tyco NERC-CIP V5 ready configuration guidelines for Software House CCURE and iStar.

DISA

The Defense Information Systems Agency (DISA) is a United States Department of Defense (DoD) agency that provides information technology (IT) and communications support to any individual or system contributing to the defense of the United States.

SRG

Security Requirement Guide (SRG) is compilation of singular, actionable statements that comprise a security control or security best. An SRG is used by DISA field security operations and vendor guide developers to build security technical implementation guides (STIGs). I know we cannot stop with the acronyms. A STIG is a guide for implementing IT systems within the DoD. View the Tyco DISA security requirements for VideoEdge using the General Purpose Operating System SRG.

SANS

System Administration Networking and Security (SANS) released Top 20 security vulnerabilities. These are security controls for protecting a network. VideoEdge and victor have been designed and have had the necessary features implemented to assist our installers and users with configuring their networks in the manner they need to implement the SANS controls they elect.

Learn more about our cyber protection program.

Introducing the Cyber Protection Program from Tyco Security Products

Developed over five years, Tyco Security Products Cyber Protection Program is one of the first in the industry to offer a holistic approach to cybersecurity for physical security products. We’re committed to cybersecurity through a product’s entire lifecycle — from requirements through obsolescence.

TSP_CyberProtectionProgram

We’ve developed our cybersecurity expertise after many years of providing critical solutions for the United States government and large multinational customers, and we hold several industry firsts, including FISMA-ready access control and video solutions.

Six Part Approach to Cyber Protection
Our Cyber Protection Program’s six -part approach to cyber protection for physical security products looks far beyond components and devices and cyber security hardening. The scrutiny begins with the initial product concept and requirements, continues through analysis of system design and programming, and culminates with final testing, integration and evaluation.

  • Secure Product Development Practices – Secure coding and testing reduces the possibility of inadvertently introducing vulnerabilities during product development
  • Inclusive Protection of Components and Systems – Include range of capabilities to complement diverse security needs
  • Configuration Guidelines for Compliance – Provide comprehensive procedures on how to configure C•CURE 9000, VideoEdge and victor systems
  • Testing Procedures – Products undergo rigorous, continuous testing both internally and with an independent test house, to minimize the risk of security updates and new configurations in our cyber-compliant products
  • Rapid Response to Vulnerabilities – Quickly assesses the situation, distributes an advisory bulletin and follow up with fully qualified patches
  • Education and Advocacy – Maintain critical training and development certifications, speaks and advocates for cyber protection for security systems

Tyco’s Cyber Protection Team
Our autonomous cyber protection team, an independent branch of the development group, has deep process control knowledge and specialized expertise in cyber concerns with physical security systems.

Learn more about our Cyber Protection Program and how we are working to protect physical security products from attacks, damages, disruptions and misuse.

ISC West Session: The Convergence of Physical and Cyber Security

Physical and cyber attackers have more sophisticated tools and understanding of network-based systems than ever before, shining a spotlight in particular on the vulnerabilities of security implementations.

CCU

This ISC West session will provide an overview of the four levels of physical security threats beyond perimeter, perimeter, boundary and volumetric security, and present best practices to ensure cyber security readiness.

ISC West Session
The Convergence of Physical and Cyber Security:
Recognizing the Readiness of IP-based Systems

Wednesday, April 6, 2016
11:15 AM – 12:15 PM PDT
ISC West
Sands Expo Center
Room 302
Session Overview

Presenters

WallaceDavid Wallace
Founder & CEO, Surveillance One

BrownWilliam L. Brown, Jr.
Sr. Engineering Manager, Tyco Security Products

We hope to see you at this important ISC West Session. If you have any questions, please let us know.

Visit our Cyber Protection Program page for more information.